1917598 – [RFE] client-side LUKS encryption built into librbd

Bug 1917598 - [RFE] client-side LUKS encryption built into librbd

Summary: [RFE] client-side LUKS encryption built into librbd

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RBD
Sub Component:
Version:	5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	5.0
Assignee:	Ilya Dryomov
QA Contact:	Harish Munjulur
Docs Contact:	Ranjini M N
URL:
Whiteboard:
Depends On:
Blocks:	1954403 1959686
TreeView+	depends on / blocked

Reported:	2021-01-18 21:16 UTC by Jason Dillaman
Modified:	2021-08-30 08:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ceph-16.1.0-486.el8cp
Doc Type:	Enhancement
Doc Text:	.LUKS encryption inside librbd is supported Layering QEMU LUKS encryption or dm-crypt kernel module on top of librbd suffers a major limitation that a copy-on-write clone image must use the same encryption key as its parent image. With this release, support for LUKS encryption has been incorporated within librbd. The new "rbd encryption format" command can now be used to format an image to a `luks1` or `luks2` encrypted format.
Clone Of:
Environment:
Last Closed:	2021-08-30 08:27:52 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-1221	0	None	None	None	2021-08-30 00:17:31 UTC
Red Hat Product Errata	RHBA-2021:3294	0	None	None	None	2021-08-30 08:28:07 UTC

Description Jason Dillaman 2021-01-18 21:16:47 UTC

Description of problem:
Support for LUKS encryption incorporated within librbd. Future plans will add support for thin-provisioned encryption across clones.

Version-Release number of selected component (if applicable):
5.0

Comment 1 RHEL Program Management 2021-01-18 21:16:52 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 2 Ken Dreyer (Red Hat) 2021-01-22 17:26:09 UTC

Jason, is this all complete in pacific upstream now? Any information for QE to verify this feature?

Comment 3 Jason Dillaman 2021-02-09 18:14:23 UTC

(In reply to Ken Dreyer (Red Hat) from comment #2)
> Jason, is this all complete in pacific upstream now? Any information for QE
> to verify this feature?

It's been merged and documented upstream for a while now.

Comment 4 Ken Dreyer (Red Hat) 2021-03-03 00:20:02 UTC

Great, I'm setting Fixed In Version to this week's downstream build.

Comment 7 Harish Munjulur 2021-04-30 05:42:43 UTC

QA verified.

Comment 12 errata-xmlrpc 2021-08-30 08:27:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 5.0 bug fix and enhancement), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3294

Note You need to log in before you can comment on or make changes to this bug.