Bug 1305022 - [RFE][cinder] Support volume encryption on NFS backends
Summary: [RFE][cinder] Support volume encryption on NFS backends
Keywords:
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Upstream M1
: ---
Assignee: Sofia Enriquez
QA Contact: Avi Avraham
URL: https://blueprints.launchpad.net/cind...
Whiteboard:
Depends On: 1406796 1518998 1631239
Blocks: 1273812 1305024 1305044 1433715
TreeView+ depends on / blocked
 
Reported: 2016-02-05 11:07 UTC by Pablo Iranzo Gómez
Modified: 2020-09-07 16:06 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1305024 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
scohen: needinfo+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1888680 None None None 2020-08-11 13:45:07 UTC
OpenStack gerrit 523958 'None' MERGED libvirt: QEMU native LUKS decryption for encrypted volumes 2020-10-14 15:41:36 UTC
OpenStack gerrit 597148 'None' MERGED NFS encrypted volume support 2020-10-14 15:41:36 UTC
OpenStack gerrit 749155 None NEW Implement copy encrypt image in NFS generic driver 2020-10-14 15:41:25 UTC
Red Hat Bugzilla 1434989 high CLOSED block encrypted NFS volume creation 2020-10-14 00:28:05 UTC
Red Hat Knowledge Base (Solution) 2137751 None None None 2016-02-05 11:42:44 UTC

Internal Links: 1434968 1434989

Description Pablo Iranzo Gómez 2016-02-05 11:07:51 UTC
Description of problem:

Hi
We've been testing cinder and nova volume encryption as detailed on the manual at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html-single/Administration_Guide/index.html#volume_advanced_encrypt

But it was not working properly on NFS backend and no information is provided there.

After some investigation it has been found that there's ongoing discussion on this http://osdir.com/ml/openstack-dev/2015-11/msg01907.html.

How reproducible:

Configure OSP cinder/nova encryption  and validate as per http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html

Actual results:
If backend is NFS, the resulting data is visible, if it's dm volumes, it's encrypted


Expected results:
The data should be encrypted whatever the backend is

Additional info:

Comment 3 Eric Harney 2016-02-05 14:47:30 UTC
This will require some significant work in Nova and Cinder to support, see Dan Berrange's comment on bug 1305024.

Comment 4 Stephen Gordon 2016-06-09 18:48:53 UTC
Bulk update to reflect scope of Red Hat OpenStack Platform 9 and Red Hat OpenStack Platform does not include this issue (No pm_ack+).


Note You need to log in before you can comment on or make changes to this bug.