Bug 1805666 - [Workaround] Allow native LUKSv1 decryption to be disabled
Summary: [Workaround] Allow native LUKSv1 decryption to be disabled
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 17.0 (Wallaby)
Hardware: x86_64
OS: Linux
Target Milestone: Upstream M3
: 17.0
Assignee: Lee Yarwood
QA Contact: nova-maint
Depends On:
Blocks: 1824116 1824119 1824121
Reported: 2020-02-21 10:48 UTC by Lee Yarwood
Modified: 2021-09-30 16:35 UTC

Fixed In Version: openstack-nova-23.0.3-0.20210908140341.e39bbdc.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1824116
Last Closed:
Target Upstream Version: Ussuri


System ID Private Priority Status Summary Last Updated
OpenStack gerrit 708030 0 None MERGED workarounds: Add option to disable native LUKSv1 decryption by QEMU 2021-01-19 15:55:58 UTC
OpenStack gerrit 708031 0 None MERGED rbd: Use showmapped to find the root RBD device during disconnect_volume 2021-01-19 15:55:58 UTC
OpenStack gerrit 708035 0 None ABANDONED nova: Add configurable to disable native LUKSv1 decryption 2021-01-19 15:55:58 UTC

Description Lee Yarwood 2020-02-21 10:48:55 UTC
Description of problem:

Since https://review.opendev.org/#/c/632507/ in stable/stein, LUKSv1 volumes are natively decrypted by QEMU. Performance issues have recently been identified within the libgcrypt library used by QEMU when natively decrypting LUKSv1 disks. As a result, it would be useful to allow operators to switch back to the original dm-crypt based os-brick encryptor approach when decrypting these volumes.
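
An added check, not part of the original report and not nova's own code: it reads the `[workarounds] disable_native_luksv1` setting (the nova option name for this workaround, which the report does not spell out) and lists the disks in a libvirt domain definition that QEMU still decrypts natively, recognised by an `<encryption format='luks'>` element. The nova.conf fragment, the domain XML and the function names are constructed for the example.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed nova.conf fragment. disable_native_luksv1 is the nova
# [workarounds] option for this change; the name is not given on this page.
NOVA_CONF = """[workarounds]
disable_native_luksv1 = True
"""

# Constructed libvirt domain XML: vda carries a LUKS <encryption> element
# (QEMU decrypts it natively); vdb is a plain block device, which is what the
# guest is given when dm-crypt has already decrypted the volume on the host.
DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/sdb'/>
      <target dev='vda' bus='virtio'/>
      <encryption format='luks'>
        <secret type='passphrase' uuid='00000000-0000-0000-0000-000000000001'/>
      </encryption>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/sdc'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>"""


def native_luks_disabled(conf_text):
    """True when the workaround is switched on (it is off by default)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp.getboolean("workarounds", "disable_native_luksv1", fallback=False)


def qemu_native_luks_disks(domain_xml):
    """Target names of disks whose LUKS layer is handled by QEMU."""
    natives = []
    for disk in ET.fromstring(domain_xml).iterfind("./devices/disk"):
        enc = disk.find(".//encryption")  # child of <disk> or of <source>
        if enc is not None and enc.get("format") == "luks":
            natives.append(disk.find("target").get("dev"))
    return natives


def stale_native_disks(conf_text, domain_xml):
    """Disks still on the QEMU path although the workaround is enabled."""
    return qemu_native_luks_disks(domain_xml) if native_luks_disabled(conf_text) else []
```

On a compute host the same functions can be fed the contents of the real nova.conf and the output of `virsh dumpxml` for an instance.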
