Bug 1795271 - [Docs][OSP 16] Deprecate the current LVM based ephemeral disk encryption implementation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 16.0 (Train)
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 16.0 (Train on RHEL 8.1)
Assignee: Roger Heslop
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-01-27 15:29 UTC by Lee Yarwood
Modified: 2020-12-21 19:36 UTC

Fixed In Version:
Doc Type: Deprecated Functionality
Doc Text:
In Red Hat OpenStack Platform 16.0, ephemeral disk encryption is deprecated. Bug fixes and support will be provided through the end of the 16.0 life cycle but no new feature enhancements will be made.
Clone Of:
Environment:
Last Closed: 2020-08-12 20:34:06 UTC
Target Upstream Version:
Embargoed:



Description Lee Yarwood 2020-01-27 15:29:02 UTC
Description of problem:

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html-single/security_and_hardening_guide/index#ephemeral_disk_encryption

The current ephemeral disk encryption implementation is limited to LVM, using a single encryption key per instance and using the `plain` cryptsetup encryption format. All of these should be highlighted.

The following RFE is looking to address these by expanding support across all ephemeral backends, using a key (passphrase) per disk and using the more flexible LUKS encryption format.


[RFE] LUKS encryption of all Nova ephemeral disk backends (local (RAW), QCOW2, rbd and LVM)
https://bugzilla.redhat.com/show_bug.cgi?id=1301026

Comment 2 Lee Yarwood 2020-01-31 15:34:34 UTC
During triage the compute team agreed that the easier approach here is to simply deprecate the current implementation.

Comment 6 Roger Heslop 2020-08-12 20:34:06 UTC
This feature is added to release notes as deprecated.
