Bug 1305022 - [RFE][cinder] Support volume encryption on NFS backends
Summary: [RFE][cinder] Support volume encryption on NFS backends
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
Target Milestone: Upstream M1
: ---
Assignee: Sofia Enriquez
QA Contact: Tzach Shefi
URL: https://blueprints.launchpad.net/cind...
Depends On: 1406796 1518998 1631239
Blocks: 1273812 1305024 1305044 1433715
TreeView+ depends on / blocked
Reported: 2016-02-05 11:07 UTC by Pablo Iranzo Gómez
Modified: 2021-11-25 12:49 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1305024 (view as bug list)
Last Closed:
Target Upstream Version:
scohen: needinfo+

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1888680 0 None None None 2020-08-11 13:45:07 UTC
OpenStack gerrit 523958 0 'None' MERGED libvirt: QEMU native LUKS decryption for encrypted volumes 2021-02-03 12:01:22 UTC
OpenStack gerrit 597148 0 'None' MERGED NFS encrypted volume support 2021-02-03 12:01:22 UTC
OpenStack gerrit 749155 0 None NEW Implement copy encrypted image in NFS generic driver 2021-02-03 12:01:22 UTC
Red Hat Bugzilla 1434989 0 high CLOSED block encrypted NFS volume creation 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker OSP-2342 0 None None None 2021-11-25 12:49:44 UTC
Red Hat Issue Tracker OSP-2343 0 None None None 2021-11-25 12:49:48 UTC
Red Hat Knowledge Base (Solution) 2137751 0 None None None 2016-02-05 11:42:44 UTC

Internal Links: 1434968 1434989

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC
Description of problem:

We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted

Expected results:
The data should be encrypted whatever the backend is

Additional info:

Comment 3 Eric Harney 2016-02-05 14:47:30 UTC
This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.

Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).

Note You need to log in before you can comment on or make changes to this bug.