[openstack-dev] [Cinder] encryption is not supported in ceph volume

Matt Riedemann mriedem at linux.vnet.ibm.com
Mon Aug 3 17:13:13 UTC 2015



On 7/30/2015 1:02 AM, Li, Xiaoyan wrote:
> Hi all,
>
> I created an encryption type, and create a volume in Ceph with the volume type.
>>> cinder encryption-type-create
>
> But failed to attach it to a VM. The error message shows that no device_path in connection_info.
>
> ^[[01;31m2015-07-30 05:55:57.117 TRACE oslo_messaging.rpc.dispatcher ^[[01;35m^[[00m    self.symlink_path = connection_info['data']['device_path']^M
> ^[[01;31m2015-07-30 05:55:57.117 TRACE oslo_messaging.rpc.dispatcher ^[[01;35m^[[00mKeyError: 'device_path'
>
> Two questions:
> 1. Is it not supported to create volume in Ceph with encrypted volume type?
> 2. If yes, should we prohibit to create a Ceph volume with encrypted volume type.
>
> Best wishes
> Lisa
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

This is a known issue and was pointed out in the mailing list earlier 
[1].  A change was made to make that fail fast and obvious now rather 
than let users think they had encrypted rbd volumes.

The KeyError in nova should have a better exception raised with this 
change [2].

nagyz is working on adding the encryption support for rbd to nova here [3].

[1] http://lists.openstack.org/pipermail/openstack-dev/2015-July/068457.html
[2] https://review.openstack.org/#/c/193830/
[3] https://review.openstack.org/#/c/206576/

-- 

Thanks,

Matt Riedemann




More information about the OpenStack-dev mailing list