Bug 1434989

Summary: block encrypted NFS volume creation
Product: Red Hat OpenStack
Reporter: Eric Harney <eharney>
Component: openstack-cinder
Assignee: Eric Harney <eharney>
Status: CLOSED CURRENTRELEASE
QA Contact: Tzach Shefi <tshefi>
Severity: high
Priority: high
Version: 10.0 (Newton)
CC: abishop, cschwede, jjoyce, pablo.iranzo, srevivo
Target Milestone: z7
Keywords: TestOnly, Triaged, ZStream
Target Release: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-cinder-9.1.4-3.el7ost
Doc Type: If docs needed, set a value
Clone Of:
: 1454380
Last Closed: 2017-12-08 22:04:06 UTC
Type: Bug
Bug Blocks: 1454380

Description Eric Harney 2017-03-22 20:40:57 UTC
Volume encryption does not yet work with the Cinder NFS driver.

However, Cinder will create volumes that appear to be encrypted.

This was fixed in the RBD driver here: https://review.openstack.org/#/c/386185/

We should apply a similar fix for the NFS driver.

Comment 2 Lon Hohberger 2017-11-28 19:19:50 UTC
According to our records, this should be resolved by openstack-cinder-9.1.4-12.el7ost.  This build is available now.

Comment 3 Tzach Shefi 2017-12-05 11:16:37 UTC
Verified on:
openstack-cinder-9.1.4-12.el7ost.noarch

On a Cinder NFS backed system:

[stack@undercloud-0 ~]$ cinder service-list
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host                  | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | hostgroup             | nova | enabled | up    | 2017-12-05T10:58:34.000000 | -               |
| cinder-volume    | hostgroup@tripleo_nfs | nova | enabled | up    | 2017-12-05T10:58:34.000000 | -               |
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+


Creating an encrypted NFS-backed volume:
$ cinder create --display-name 'encrNFSvol' --volume-type LUKS 1

Fails as expected:
$ cinder list
+--------------------------------------+--------+------------+------+-------------+----------+-------------+
| ID                                   | Status | Name       | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+--------+------------+------+-------------+----------+-------------+
| 02fb7b52-41b0-4106-a326-bc096e06f9ff | error  | encrNFSvol | 1    | LUKS        | false    |             |
+--------------------------------------+--------+------------+------+-------------+----------+-------------+


The Cinder volume log's traceback raises the expected error:

2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager     raise exception.VolumeDriverException(message=message)
2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager VolumeDriverException: Volume driver reported an error: Encryption is not yet supported.
2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager
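
Volumes created before the fixed build can still match the condition in the description (a volume that appears encrypted on an NFS backend), so an audit of existing volumes is a useful follow-up. The sketch below is an added example, not part of the bug report or of Cinder's code. The config fragment, the `lvm` backend and the volume records are constructed; it relies on Cinder's `enabled_backends` and `volume_driver` options and on the volume API fields `encrypted`, `status` and `os-vol-host-attr:host`.

```python
import configparser

NFS_DRIVER = "cinder.volume.drivers.nfs.NfsDriver"

# Constructed cinder.conf fragment; "tripleo_nfs" is the backend name from the
# service list above, "lvm" is a hypothetical second backend for contrast.
SAMPLE_CONF = """[DEFAULT]
enabled_backends = tripleo_nfs,lvm
[tripleo_nfs]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
"""

# Constructed volume records using Cinder volume API field names.
SAMPLE_VOLUMES = [
    {"id": "vol-a", "encrypted": True, "status": "available",
     "os-vol-host-attr:host": "hostgroup@tripleo_nfs#nfs"},
    {"id": "vol-b", "encrypted": True, "status": "error",
     "os-vol-host-attr:host": "hostgroup@tripleo_nfs#nfs"},
    {"id": "vol-c", "encrypted": True, "status": "available",
     "os-vol-host-attr:host": "hostgroup@lvm#lvm"},
    {"id": "vol-d", "encrypted": False, "status": "in-use",
     "os-vol-host-attr:host": "hostgroup@tripleo_nfs#nfs"},
]

def nfs_backends(conf_text):
    """Return the enabled backend sections that use the NFS driver."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("DEFAULT", "enabled_backends", fallback="")
    enabled = [b.strip() for b in raw.split(",") if b.strip()]
    return {b for b in enabled
            if cp.has_section(b) and cp.get(b, "volume_driver", fallback="") == NFS_DRIVER}

def backend_of(host):
    """'hostgroup@tripleo_nfs#pool' -> 'tripleo_nfs'; None if no backend part."""
    if not host or "@" not in host:
        return None
    return host.split("@", 1)[1].split("#", 1)[0]

def suspect_volumes(conf_text, volumes):
    """IDs of volumes flagged encrypted that were actually created on an NFS backend."""
    nfs = nfs_backends(conf_text)
    return [v["id"] for v in volumes
            if v.get("encrypted") and v.get("status") != "error"
            and backend_of(v.get("os-vol-host-attr:host")) in nfs]

if __name__ == "__main__":
    for vol_id in suspect_volumes(SAMPLE_CONF, SAMPLE_VOLUMES):
        print("appears encrypted on NFS backend:", vol_id)
```

Volumes in `error` state are skipped because, with the fix in place, creation is rejected and nothing is written to the share.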