Bug 1805666 - [Workaround] Allow native LUKSv1 decryption to be disabled
Summary: [Workaround] Allow native LUKSv1 decryption to be disabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 17.0 (Wallaby)
Hardware: x86_64
OS: Linux
urgent
urgent
Target Milestone: Upstream M3
: 17.0
Assignee: Lee Yarwood
QA Contact: James Parker
URL:
Whiteboard:
Depends On:
Blocks: 1824116 1824119 1824121
TreeView+ depends on / blocked
 
Reported: 2020-02-21 10:48 UTC by Lee Yarwood
Modified: 2022-09-21 12:10 UTC (History)
10 users (show)

Fixed In Version: openstack-nova-23.0.3-0.20210908140341.e39bbdc.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1824116 (view as bug list)
Environment:
Last Closed: 2022-09-21 12:09:13 UTC
Target Upstream Version: Ussuri
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 708030 0 None MERGED workarounds: Add option to disable native LUKSv1 decryption by QEMU 2021-01-19 15:55:58 UTC
OpenStack gerrit 708031 0 None MERGED rbd: Use showmapped to find the root RBD device during disconnect_volume 2021-01-19 15:55:58 UTC
OpenStack gerrit 708035 0 None ABANDONED nova: Add confiurable to disable native LUKSv1 decryption 2021-01-19 15:55:58 UTC
Red Hat Issue Tracker OSP-10068 0 None None None 2022-04-13 20:10:18 UTC
Red Hat Product Errata RHEA-2022:6543 0 None None None 2022-09-21 12:10:59 UTC

Description Lee Yarwood 2020-02-21 10:48:55 UTC
Description of problem:

Since https://review.opendev.org/#/c/632507/ in stable/stein LUKSv1 volume are natively decrypted by QEMU. Performance issues have recently been identified within the libgcrypt library used by QEMU when natively decrypting LUKSv1 disks. As a result it would be useful to allow operators to switch back to the original dm-crypt based os-brick encryptor approach when decrypting these volumes.

Comment 15 errata-xmlrpc 2022-09-21 12:09:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543


Note You need to log in before you can comment on or make changes to this bug.