Red Hat Bugzilla – Bug 1302261
[RFE][cinder] Encrypted volume improvement
Last modified: 2017-12-04 23:14:49 EST
Description of problem:
Cinder and Nova support encryption of volumes as we're documenting it, but when an image or volume unencrypted is copied to an encrypted one to use boot encryption, the resulting instance is started, but remains at boot screen as it complains about non bootable disk.
Apparently this happens because the copy is made without doing any conversion.
Upstream this is being explained at https://blueprints.launchpad.net/cinder/+spec/improve-encrypted-volume
Note: the Launchpad in the $subject is currently in "Not Started" status,
which means we can't backport it by definition.
*** Bug 1262122 has been marked as a duplicate of this bug. ***
Moving this to OSP-11.
There is basic LUKS Nova based encryption still in place. This is one of several bugs to sort out in the Cinder-Encryption Epic which will get a better tracker bug. After reviewing open issues around this topic, we have a list of items that needed to be sorted.
The specific blueprint for this RFE was to fix several issues with existing support and that blueprint has been a collector for issues. At least 2 of those patch sets are still in review upstream (retyping encrypted volume fix and nfs fixes).
The 2 open RH cases are requesting backports of that fix for OSP6 and OSP7. We will need to follow up on these the full collection of fixes is in place. At this point we need to confirm those requests are still valid.
Right now I would call this Cinder LUKS encryption bug fixes and not an RFE, more follow up needed. I think once the patches in the given blueprint land we should use those to bring this bug to closure. We need to re-check the customer cases and ensure anything else is captured in the OSP-11 Epic.
Hi, could you update the status of the BZ please
Please follow RBD volume encryption on bug 1230405.
I'm going to close this one out based on the original upstream issue being tracked landed in newton.