Bug 1285089 - [RFE] Boot instance from encrypted volume [iSCSI]
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: Upstream M2
Target Release: 12.0 (Pike)
Assigned To: Eric Harney
QA Contact: Avi Avraham
Keywords: FutureFeature, Triaged
Duplicates: 1262121
Depends On: 1302261 1406802 1487920
Blocks: 1389435 1389441 1442136 1230402 1262120 1471627
 
Reported: 2015-11-24 16:05 EST by Jeremy
Modified: 2018-02-05 14:02 EST

See Also:
Fixed In Version: openstack-cinder-11.0.0-0.20170611191457.3dacd2a.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1471627
Environment:
Last Closed: 2017-12-13 15:37:32 EST
Type: Feature Request
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
scohen: needinfo+




External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2137751 None None None 2016-01-27 05:34 EST
OpenStack gerrit 247372 None None None 2016-04-25 08:51 EDT
Red Hat Product Errata RHEA-2017:3462 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-15 20:43:25 EST

Comment 3 Lee Yarwood 2015-12-04 11:14:33 EST
(In reply to Jeremy from comment #0)
> Description of problem: Can not boot instance from encrypted volume
> 
> Version-Release number of selected component (if applicable):
> 
> instance : uuid=99ea08e5-97b8-4b30-9dd3-abe0f6cbcce4
> volume-80fdf401-f069-4ee5-8686-3f4e00cb375f

Can we confirm how the customer is creating the image, volume and instance here?

I think the issue is that Cinder is copying the image data into the volume unencrypted, causing Nova to re-encrypt the volume prior to use.

This is covered in the following Nova bug and recently associated Cinder spec:

Booting encrypted volume with whole image fails
https://bugs.launchpad.net/nova/+bug/1465656

Convert encrypted data to encrypted volumes with encrypted image
https://blueprints.launchpad.net/cinder/+spec/encrypt-volume-with-image
Comment 4 Lee Yarwood 2015-12-04 11:32:29 EST
The ability for users to even create encrypted volumes from images is now being blocked by cinder-api with the following changes:

master - Prevent creating encrypted volume with image
https://review.openstack.org/#/c/210219/

stable/kilo - Prevent creating encrypted volume with image
https://review.openstack.org/#/c/217365/
Comment 6 Lee Yarwood 2015-12-22 04:59:12 EST
I'm closing this out as CANTFIX as the fault here is with Cinder and not Nova. I suggest that we create a Cinder RFE to follow the progress of the encryption improvements in M:

Improvement about encrypted volume
https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume
Comment 12 Lee Yarwood 2016-05-09 05:55:10 EDT
*** Bug 1262121 has been marked as a duplicate of this bug. ***
Comment 21 Sean Cohen 2016-12-05 11:15:05 EST
*** Bug 1230402 has been marked as a duplicate of this bug. ***
Comment 32 Avi Avraham 2017-11-13 05:16:26 EST
Verified.
Packages installed:
openstack-tripleo-heat-templates-7.0.3-0.20171024200825.el7ost.noarch
openstack-cinder-11.0.0-0.20170611191457.3dacd2a.el7ost

Successfully created an encrypted volume from an image,
booted an instance from the encrypted volume and logged in to the instance over SSH.
Comment 35 errata-xmlrpc 2017-12-13 15:37:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462
