[openstack-dev] [nova] Encrypted Ephemeral Storage

Daniel P. Berrange berrange at redhat.com
Mon Apr 25 16:36:22 UTC 2016


On Mon, Apr 25, 2016 at 04:28:17PM +0000, Coffman, Joel M. wrote:
> Based on the comments to the RBD encryption change [1], it looks
> like there will be a new direction for ephemeral disk encryption
> (embedding it in QEMU directly). I assume LVM will work the same
> way when the time comes. Will there be a migration path for the
> existing ephemeral disk encryption support for LVM to the new
> model?
> 
> [1] https://review.openstack.org/#/c/239798/
> 
> Yes, as I understand it, the long-term goal is to provide encryption
> support directly in QEMU and have a unified interface for LVM, RBD,
> and file-based backends. I do not yet know what the potential
> migration path will look like.

The forthcoming QEMU 2.6 release will include native support for the
LUKS data format. There is a test suite with QEMU to prove that this
is interoperable with the kernel dm-crypt/cryptsetup tools. So there
will be no data migration required. Nova will merely need to change
the way it configures to point QEMU directly to the encrypted LVM
volume, instead of creating a dm-crypt volume wrapper. QEMU will
then directly decrypt the LVM volume.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


