Improvement about encrypted volume
The BP is raised to summarize the bug fix for encrypted volume in Mitaka.
The work includes:
1. As both Cinder and Nova use encryptors, plan to move nova/volume/
2. To fix following bugs related to encrypted volume:
cinder wrote unencrypted data to encrypted volumes when creating from an image https:/
Booting encrypted volume with whole image fails https:/
Data corrupted in cinder nfs volume with encrypted volume type after detached https:/
Input validation for command encryption-
Upload encrypted volume to image https:/
Blueprint information
- Status:
- Complete
- Approver:
- Sean McGinnis
- Priority:
- High
- Drafter:
- Lisa Li
- Direction:
- Needs approval
- Assignee:
- Eric Harney
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Lisa Li
- Completed by
- Eric Harney
Related branches
Related bugs
Sprints
Whiteboard
Note: this is not a complete list of bugs related to this area. But, I believe this set of work is complete in Rocky as of https:/
Added two bugs:
Create encrypted volume from source volume: https:/
Create encrypted volume from snapshot: https:/
Gerrit topic: https:/
Addressed by: https:/
Create encrypted volumes from images
Gerrit topic: https:/
Addressed by: https:/
Add encryptor attach/detach in utils
Gerrit topic: https:/
Gerrit topic: https:/
Gerrit topic: https:/
Addressed by: https:/
Glance: attach volume encryption key id to image
Addressed by: https:/
Create volumes from encrypted images
Addressed by: https:/
qemu_img_info: report 'luks' images as 'raw'
Addressed by: https:/
qemu_img_info: Don't autodetect source format
Addressed by: https:/
Add rel note for create volume from enc. image