OpenStack Compute (nova)

libvirt: support ephemeral disk encryption

Registered by sean mooney

This spec introduces the libvirt driver implementation of the flavour and
image defined ephemeral encryption feature

Blueprint information

Status:
Not started
Approver:
sean mooney
Priority:
Undefined
Drafter:
Lee Yarwood
Direction:
Approved
Assignee:
melanie witt
Definition:
Approved
Series goal:
Accepted for antelope
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

[20211123 bauzas] Spec was merged yesterday https://review.opendev.org/c/openstack/nova-specs/+/810868

[20220225 bauzas] Implementation hit by FeatureFreeze, please repropose the blueprint/spec for the Zed release.

Implementation patches : https://review.opendev.org/q/topic:specs%252Fyoga%252Fapproved%252Fephemeral-encryption-libvirt

[20220614 bauzas] Spec was approved for the Zed cycle https://review.opendev.org/c/openstack/nova-specs/+/836075

[20221115 bauzas] Spec got approved for Antelope https://review.opendev.org/c/openstack/nova-specs/+/864147

Gerrit topic: https://review.opendev.org/#/q/topic:specs/yoga/approved/ephemeral-encryption-libvirt

Addressed by: https://review.opendev.org/c/openstack/nova/+/826755
    imagebackend: Add support to libvirt_info for LUKS based encryption

Addressed by: https://review.opendev.org/c/openstack/nova/+/826756
    imagebackend: Cache the key manager when disk is encrypted

Addressed by: https://review.opendev.org/c/openstack/nova/+/772273
    libvirt: Introduce support for qcow2 with LUKS

Addressed by: https://review.opendev.org/c/openstack/nova/+/826754
    libvirt: Configure and teardown ephemeral encryption secrets

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.