Storage: Encryption of ephemeral storage (first steps only)
This blueprint is an incremental feature to [https:/
When virtual machines (VMs) are launched, ephemeral storage is created to support a large single volume. It is created locally on the same platform as the machine hosting the VM, for both the guest operating system files and additional storage space can also be added for other purposes. These volumes are currently not being encrypted, and this makes the platforms hosting VMs high value targets because an attacker can break into the platform and read the data for many different VMs. This feature makes it harder for an attacker to read VM disks, since it encrypts each one with a unique key that is not stored locally. Also, if the physical storage medium were stolen, remounted, and accessed from a different machine, this blueprint fully addresses this vulnerability also.
The aim of this blueprint is to provide encryption of the VM's data before it is written to disk. The idea is similar to how self-encrypting drives work. Our goal is to present the VM a normal block storage device, but we will encrypt the bytes in the virtualization host before writing them to the disk. For more information, see the referenced specification.
Blueprint information
- Status:
- Complete
- Approver:
- Russell Bryant
- Priority:
- Low
- Drafter:
- APL Development team for OpenStack
- Direction:
- Approved
- Assignee:
- APL Development team for OpenStack
- Definition:
- Approved
- Series goal:
- Accepted for icehouse
- Implementation:
-
Implemented
- Milestone target:
-
2014.1
- Started by
- Joel Coffman
- Completed by
- John Garbutt
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adds ephemeral storage encryption
Addressed by: https:/
This patch adds ephemeral storage encryption for LVM back-end instances. Encryption is implemented by passing all data written to and read from the logical volumes through a dm-crypt layer. Most instance operations such as pause/continue, suspend/resume,
Gerrit topic: https:/
Addressed by: https:/
Add key manager implementation with static key
Addressed by: https:/
Synchronize the key manager interface with Cinder
Addressed by: https:/
Replaces call to lvs with blockdev.
Addressed by: https:/
Adds dmcrypt utility module
Addressed by: https:/
Patch adds dmcrypt module.
Addressed by: https:/
Adds ephemeral_key_uuid field to instance
Gerrit topic: https:/
Addressed by: https:/
Add support for libvirt secret management
Addressed by: https:/
Adds ephemeral storage encryption for Raw back-end images
Abandoned:
==========
https:/
https:/
Merged in Havana:
================
https:/
https:/
https:/
Merged in Icehouse:
================
https:/
https:/
https:/
Waiting for review:
==============
https:/
https:/
https:/
This blueprint was too big in the first place, probably just delay the un-merged things, and mark this complete --johnthetubaguy
Apologies, this missed the deadline for Feature Freeze. Marking this one as Implemented, so please open a new blueprint for the remaining patches. Please rebase patches as soon as Juno opens, and we will try to get this in during that period. --johnthetubaguy (5th March 2014)
Given objections during the review, will need to look at the design of this integration with libvirt more carefully. The sticking point seems to be waiting for barbican. --johnthetubaguy
Work Items
Work items:
Initial work: DONE
wire up with libvirt: POSTPONED
