[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

Russell Bryant rbryant at redhat.com
Fri Sep 6 21:47:00 UTC 2013


On 09/06/2013 04:14 PM, Benjamin, Bruce P. wrote:
> We request that volume encryption [1] be granted an exception to the
> feature freeze for Havana-3.  Volume encryption [2] provides a usable
> layer of protection to user data as it is transmitted through a network
> and when it is stored on disk. The main patch [2] has been under review
> since the end of May and had received two +2s in mid-August. 
> Subsequently, support was requested for booting from encrypted volumes
> and integrating a working key manager [3][4] as a stipulation for
> acceptance, and both these requests have been satisfied within the past
> week. The risk of disruption to deployments from this exception is
> minimal because the volume encryption feature is unused by default. 
> Note that the corresponding Cinder support for this feature has already
> been approved, so acceptance into Nova will keep this code from becoming
> abandoned.   Thank you for your consideration.
> 
>  
> 
> The APL Development Team
> 
>  
> 
> [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
> 
> [2] https://review.openstack.org/#/c/30976/
> 
> [3] https://review.openstack.org/#/c/45103/
> 
> [4] https://review.openstack.org/#/c/45123/ 

Thanks for all of your hard work on this!  It sounds to me like the code
was ready to go aside from the issues you mentioned above, which have
now been addressed.

I think the feature provides a lot of value and has fairly low risk if
we get it merged ASAP, since it's off by default.  The main risk is
around the possibility of security vulnerabilities.  Hopefully good
review (both from a code and security perspective) can mitigate that
risk.  This feature has been in the works for a while and has very good
documentation on the blueprint, so I take it that it has been vetted by
a number of people already.  It would be good to get ACKs on this point
in this thread.

I would be good with the exception for this, assuming that:

1) Those from nova-core that have reviewed the code are still happy with
it and would do a final review to get it merged.

2) There is general consensus that the simple config based key manager
(single key) does provide some amount of useful security.  I believe it
does, just want to make sure we're in agreement on it.  Obviously we
want to improve this in the future.

Again, thank you very much for all of your work on this (both technical
and non-technical)!

-- 
Russell Bryant



More information about the OpenStack-dev mailing list