Bug 1302261 - [RFE][cinder] Encrypted volume improvement
[RFE][cinder] Encrypted volume improvement
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder (Show other bugs)
6.0 (Juno)
Unspecified Unspecified
high Severity high
: Upstream M1
: 11.0 (Ocata)
Assigned To: Eric Harney
upstream_milestone_none upstream_defi...
: FutureFeature
: 1262122 (view as bug list)
Depends On:
Blocks: 1336839 1361252 1285089
  Show dependency treegraph
Reported: 2016-01-27 05:33 EST by Pablo Iranzo Gómez
Modified: 2017-12-04 23:14 EST (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-01-03 11:37:38 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1482464 None None None 2016-02-02 09:18 EST
Red Hat Knowledge Base (Solution) 2137751 None None None 2016-01-27 05:34 EST

  None (edit)
Description Pablo Iranzo Gómez 2016-01-27 05:33:31 EST
Description of problem:

Cinder and Nova support encryption of volumes as we're documenting it, but when an image or volume unencrypted is copied to an encrypted one to use boot encryption, the resulting instance is started, but remains at boot screen as it complains about non bootable disk.

Apparently this happens because the copy is made without doing any conversion.

Upstream this is being explained at https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume

Comment 3 Sergey Gotliv 2016-01-29 09:53:37 EST
Note: the Launchpad in the $subject is currently in "Not Started" status, 
which means we can't backport it by definition.
Comment 7 Neil Levine 2016-03-22 12:21:33 EDT
*** Bug 1262122 has been marked as a duplicate of this bug. ***
Comment 9 Paul Grist 2016-08-26 16:31:45 EDT
Moving this to OSP-11.

There is basic LUKS Nova based encryption still in place.  This is one of several bugs to sort out in the Cinder-Encryption Epic which will get a better tracker bug. After reviewing open issues around this topic, we have a list of items that needed to be sorted.

The specific blueprint for this RFE was to fix several issues with existing support and that blueprint has been a collector for issues. At least 2 of those patch sets are still in review upstream (retyping encrypted volume fix and nfs fixes).  

The 2 open RH cases are requesting backports of that fix for OSP6 and OSP7. We will need to follow up on these the full collection of fixes is in place. At this point we need to confirm those requests are still valid.

Right now I would call this Cinder LUKS encryption bug fixes and not an RFE, more follow up needed. I think once the patches in the given blueprint land we should use those to bring this bug to closure. We need to re-check the customer cases and ensure anything else is captured in the OSP-11 Epic.
Comment 11 Edu Alcaniz 2016-09-16 02:47:53 EDT
Hi, could you update the status of the BZ please
Comment 17 Paul Grist 2017-01-03 11:37:38 EST
Please follow RBD volume encryption on bug 1230405.

I'm going to close this one out based on the original upstream issue being tracked landed in newton.

Note You need to log in before you can comment on or make changes to this bug.