[Openstack-operators] [nova] Do we have users of CryptsetupEncryptor and if so why?

Lee Yarwood lyarwood at redhat.com
Mon Nov 7 17:42:02 UTC 2016

Hello all,

The following bug was recently discovered where encrypted volumes
created prior to Newton use a slightly mangled passphrase :

The passphrase used to encrypt or decrypt volumes was mangled prior to Newton

This is currently being resolved for LUKS based volumes in the following
change with the incorrect passphrase being removed and replaced :

encryptors: Workaround mangled passphrases

Unfortunately we can't do the same for volumes using the plain format
provided by the CryptsetupEncryptor class. While the above change does
include a workaround it would be better if we could deprecate this
format and encryptor for new volumes ASAP and move everyone to LUKS etc.

Before deprecating CryptsetupEncryptor I wanted to ask this list if we
have any active users of this encryptor and if so why is it being used?
Is there a specific use case where plain is better than LUKS and thus
needs to stay around?

Thanks in advance,

Lee Yarwood
Senior Software Engineer
Red Hat

PGP : A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76

More information about the OpenStack-operators mailing list