Bug 1917598

Summary: [RFE] client-side LUKS encryption built into librbd
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Jason Dillaman <jdillama>
Component: RBDAssignee: Ilya Dryomov <idryomov>
Status: CLOSED ERRATA QA Contact: Harish Munjulur <hmunjulu>
Severity: medium Docs Contact: Ranjini M N <rmandyam>
Priority: high    
Version: 5.0CC: ceph-eng-bugs, hmunjulu, idryomov, kdreyer, rmandyam
Target Milestone: ---Keywords: FutureFeature
Target Release: 5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-16.1.0-486.el8cp Doc Type: Enhancement
Doc Text:
.LUKS encryption inside librbd is supported Layering QEMU LUKS encryption or dm-crypt kernel module on top of librbd suffers a major limitation that a copy-on-write clone image must use the same encryption key as its parent image. With this release, support for LUKS encryption has been incorporated within librbd. The new "rbd encryption format" command can now be used to format an image to a `luks1` or `luks2` encrypted format.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-30 08:27:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1954403, 1959686    

Description Jason Dillaman 2021-01-18 21:16:47 UTC 
Description of problem:
Support for LUKS encryption incorporated within librbd. Future plans will add support for thin-provisioned encryption across clones.

Version-Release number of selected component (if applicable):
5.0
Comment 1 RHEL Program Management 2021-01-18 21:16:52 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 2 Ken Dreyer (Red Hat) 2021-01-22 17:26:09 UTC 
Jason, is this all complete in pacific upstream now? Any information for QE to verify this feature?
Comment 3 Jason Dillaman 2021-02-09 18:14:23 UTC 
(In reply to Ken Dreyer (Red Hat) from comment #2)
> Jason, is this all complete in pacific upstream now? Any information for QE
> to verify this feature?

It's been merged and documented upstream for a while now.
Comment 4 Ken Dreyer (Red Hat) 2021-03-03 00:20:02 UTC 
Great, I'm setting Fixed In Version to this week's downstream build.
Comment 7 Harish Munjulur 2021-04-30 05:42:43 UTC 
QA verified.
Comment 12 errata-xmlrpc 2021-08-30 08:27:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 5.0 bug fix and enhancement), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3294