Bug 1434989 - block encrypted NFS volume creation
Summary: block encrypted NFS volume creation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z7
: 10.0 (Newton)
Assignee: Eric Harney
QA Contact: Tzach Shefi
URL:
Whiteboard:
Depends On:
Blocks: 1454380
TreeView+ depends on / blocked
 
Reported: 2017-03-22 20:40 UTC by Eric Harney
Modified: 2017-12-08 22:04 UTC (History)
5 users (show)

Fixed In Version: openstack-cinder-9.1.4-3.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1454380 (view as bug list)
Environment:
Last Closed: 2017-12-08 22:04:06 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1675469 None None None 2017-03-23 16:21:25 UTC
OpenStack gerrit 449205 'None' MERGED RemoteFS: prevent creation of encrypted volumes 2020-11-12 15:46:35 UTC
Red Hat Bugzilla 1305022 medium ON_DEV [RFE][cinder] Support volume encryption on NFS backends 2020-10-14 00:28:05 UTC

Internal Links: 1305022

Description Eric Harney 2017-03-22 20:40:57 UTC
Volume encryption does not yet work with the Cinder NFS driver.

However, Cinder will create volumes that appear to be encrypted.

This was fixed in the RBD driver here: https://review.openstack.org/#/c/386185/

We should apply a similar fix for the NFS driver.

Comment 2 Lon Hohberger 2017-11-28 19:19:50 UTC
According to our records, this should be resolved by openstack-cinder-9.1.4-12.el7ost.  This build is available now.

Comment 3 Tzach Shefi 2017-12-05 11:16:37 UTC
Verified on : 
openstack-cinder-9.1.4-12.el7ost.noarch

On a Cinder NFS backed system:

[stack@undercloud-0 ~]$ cinder service-list
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host                  | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | hostgroup             | nova | enabled | up    | 2017-12-05T10:58:34.000000 | -               |
| cinder-volume    | hostgroup@tripleo_nfs | nova | enabled | up    | 2017-12-05T10:58:34.000000 | -               |
+------------------+-----------------------+------+---------+-------+----------------------------+-----------------+


Creating an encrypted nfs backed volume: 
$ cinder create --display-name 'encrNFSvol' --volume-type LUKS 1

Fails as expected:
$ cinder list
+--------------------------------------+--------+------------+------+-------------+----------+-------------+
| ID                                   | Status | Name       | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+--------+------------+------+-------------+----------+-------------+
| 02fb7b52-41b0-4106-a326-bc096e06f9ff | error  | encrNFSvol | 1    | LUKS        | false    |             |
+--------------------------------------+--------+------------+------+-------------+----------+-------------+


Cinder volume log's trace back raises expected error: 


2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager     raise exception.VolumeDriverException(message=message)
2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager VolumeDriverException: Volume driver reported an error: Encryption is not yet supported.
2017-12-05 11:12:16.918 530208 ERROR cinder.volume.manager


Note You need to log in before you can comment on or make changes to this bug.