1305022 – [RFE][cinder] Support volume encryption on NFS backends

Bug 1305022 - [RFE][cinder] Support volume encryption on NFS backends

Summary: [RFE][cinder] Support volume encryption on NFS backends

Keywords:
Status:	ON_DEV
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Alpha
Target Release:	---
Assignee:	Cinder Bugs List
QA Contact:	Yosi Ben Shimon
Docs Contact:
URL:	https://blueprints.launchpad.net/cind...
Whiteboard:
Depends On:	1406796 1518998 1631239
Blocks:	1273812 1305024 1305044 1433715
TreeView+	depends on / blocked

Reported:	2016-02-05 11:07 UTC by Pablo Iranzo Gómez
Modified:	2023-10-26 20:48 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Clones:	1305024 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
Flags:	scohen: needinfo+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1888680	None	None	None	2020-08-11 13:45:07 UTC
OpenStack gerrit	523958	'None'	MERGED	libvirt: QEMU native LUKS decryption for encrypted volumes	2021-02-03 12:01:22 UTC
OpenStack gerrit	597148	'None'	MERGED	NFS encrypted volume support	2021-02-03 12:01:22 UTC
OpenStack gerrit	749155	None	NEW	Implement copy encrypted image in NFS generic driver	2021-02-03 12:01:22 UTC
Red Hat Bugzilla	1434989	high	CLOSED	block encrypted NFS volume creation	2021-02-22 00:41:40 UTC
Red Hat Issue Tracker	OSP-2342	None	None	None	2021-11-25 12:49:44 UTC
Red Hat Knowledge Base (Solution)	2137751	None	None	None	2016-02-05 11:42:44 UTC

Internal Links: 1434968 1434989

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC

Description of problem:

Hi
We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted


Expected results:
The data should be encrypted whatever the backend is

Additional info:

Comment 3 Eric Harney 2016-02-05 14:47:30 UTC

This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.

Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC

Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).

Comment 16 Gregory Charot 2022-04-21 16:40:28 UTC

Removing 18 flag - We're still facing some technical issue with NFS encryption, we need to scope the effort to fix them and plan. Considering it as a 18.1 feature.

Note You need to log in before you can comment on or make changes to this bug.