This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Bug 1305022 - [RFE][cinder] Support volume encryption on NFS backends
Summary: [RFE][cinder] Support volume encryption on NFS backends
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Alpha
: ---
Assignee: Cinder Bugs List
QA Contact: Yosi Ben Shimon
URL: https://blueprints.launchpad.net/cind...
Whiteboard:
Depends On: 1406796 1518998 1631239
Blocks: 1273812 1305024 1305044 1433715
TreeView+ depends on / blocked
 
Reported: 2016-02-05 11:07 UTC by Pablo Iranzo Gómez
Modified: 2024-12-06 14:56 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1305024 (view as bug list)
Environment:
Last Closed: 2024-12-06 14:56:50 UTC
Target Upstream Version:
Embargoed:
scohen: needinfo+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1888680 0 None None None 2020-08-11 13:45:07 UTC
OpenStack gerrit 523958 0 'None' MERGED libvirt: QEMU native LUKS decryption for encrypted volumes 2021-02-03 12:01:22 UTC
OpenStack gerrit 597148 0 'None' MERGED NFS encrypted volume support 2021-02-03 12:01:22 UTC
OpenStack gerrit 749155 0 None NEW Implement copy encrypted image in NFS generic driver 2021-02-03 12:01:22 UTC
Red Hat Bugzilla 1434989 0 high CLOSED block encrypted NFS volume creation 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker OSP-2342 0 None None None 2021-11-25 12:49:44 UTC
Red Hat Issue Tracker   OSPRH-6243 0 None None None 2024-12-06 14:56:49 UTC
Red Hat Knowledge Base (Solution) 2137751 0 None None None 2016-02-05 11:42:44 UTC

Internal Links: 1434968 1434989

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC 
Description of problem:

Hi
We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted


Expected results:
The data should be encrypted whatever the backend is

Additional info:
Comment 3 Eric Harney 2016-02-05 14:47:30 UTC 
This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.
Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC 
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).
Comment 16 Gregory Charot 2022-04-21 16:40:28 UTC 
Removing 18 flag - We're still facing some technical issue with NFS encryption, we need to scope the effort to fix them and plan. Considering it as a 18.1 feature.
Note You need to log in before you can comment on or make changes to this bug.