Bug 1302261 - [RFE][cinder] Encrypted volume improvement
Summary: [RFE][cinder] Encrypted volume improvement
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 6.0 (Juno)
Hardware: Unspecified
OS: Unspecified
Target Milestone: Upstream M1
: 11.0 (Ocata)
Assignee: Eric Harney
QA Contact: nlevinki
URL: https://blueprints.launchpad.net/cind...
Whiteboard: upstream_milestone_none upstream_defi...
: 1262122 (view as bug list)
Depends On:
Blocks: 1285089 1336839 1361252
TreeView+ depends on / blocked
Reported: 2016-01-27 10:33 UTC by Pablo Iranzo Gómez
Modified: 2022-03-13 14:12 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2017-01-03 16:37:38 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1482464 0 None None None 2016-02-02 14:18:17 UTC
Red Hat Issue Tracker OSP-13536 0 None None None 2022-03-13 14:12:42 UTC
Red Hat Knowledge Base (Solution) 2137751 0 None None None 2016-01-27 10:34:43 UTC

Description Pablo Iranzo Gómez 2016-01-27 10:33:31 UTC
Description of problem:

Cinder and Nova support encryption of volumes as we're documenting it, but when an image or volume unencrypted is copied to an encrypted one to use boot encryption, the resulting instance is started, but remains at boot screen as it complains about non bootable disk.

Apparently this happens because the copy is made without doing any conversion.

Upstream this is being explained at https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume


Comment 3 Sergey Gotliv 2016-01-29 14:53:37 UTC
Note: the Launchpad in the $subject is currently in "Not Started" status, 
which means we can't backport it by definition.

Comment 7 Neil Levine 2016-03-22 16:21:33 UTC
*** Bug 1262122 has been marked as a duplicate of this bug. ***

Comment 9 Paul Grist 2016-08-26 20:31:45 UTC
Moving this to OSP-11.

There is basic LUKS Nova based encryption still in place.  This is one of several bugs to sort out in the Cinder-Encryption Epic which will get a better tracker bug. After reviewing open issues around this topic, we have a list of items that needed to be sorted.

The specific blueprint for this RFE was to fix several issues with existing support and that blueprint has been a collector for issues. At least 2 of those patch sets are still in review upstream (retyping encrypted volume fix and nfs fixes).  

The 2 open RH cases are requesting backports of that fix for OSP6 and OSP7. We will need to follow up on these the full collection of fixes is in place. At this point we need to confirm those requests are still valid.

Right now I would call this Cinder LUKS encryption bug fixes and not an RFE, more follow up needed. I think once the patches in the given blueprint land we should use those to bring this bug to closure. We need to re-check the customer cases and ensure anything else is captured in the OSP-11 Epic.

Comment 11 Edu Alcaniz 2016-09-16 06:47:53 UTC
Hi, could you update the status of the BZ please

Comment 17 Paul Grist 2017-01-03 16:37:38 UTC
Please follow RBD volume encryption on bug 1230405.

I'm going to close this one out based on the original upstream issue being tracked landed in newton.

Note You need to log in before you can comment on or make changes to this bug.