[openstack-dev] Configuring dm-crypt inside Host

Benjamin, Bruce P. Bruce.Benjamin at jhuapl.edu
Thu Jun 27 16:51:33 UTC 2013 

Tauqeer,

You need to add the volume encryption code into the repository, since it
hasn't been accepted yet into the 

OpenStack master branch.  Info is below from Nate Reller on how to set this
up.  Also, to answer your other 

question, encrypting data in a VM is currently possible, but it needs to be
manually configured within the VM 

by the end user.  

 

The code you need to add Volume Encryption can be found using the links
below.  You will need to integrate this 

code into some repository.  Then update your devstack configuration file to
use the location where you merged 

the code.

 

https://review.openstack.org/#/c/30974/ - Cinder changes

https://review.openstack.org/#/c/30976/ - Nova changes that use hard-coded
key

https://review.openstack.org/#/c/30973/ - Nova changes to incorporate key
manager interface (I don't think this 

is necessary for running the test from the blueprint)

 

We suggest creating a new empty repo for Cinder and Nova.  Then have the
master branches of those be our code

from the links above.  Then configure devstack to use the master branch from
the new repos you created for Cinder 

and Nova.

 

Create the encrypted volumes from the command line.  I'm not sure if the
changes in Horizon are there by default 

or not.

  

> Date: Thu, 27 Jun 2013 00:00:19 +0200

> From: Tauqeer Ahmad <tauqeer.ahmad at rwth-aachen.de>

> Subject: [openstack-dev] Configuring dm-crypt inside Host

 

> Dear members,

> I was trying to configure dm-crypt in my openstack without creating
virtual machines. I read the blueprint

> "VolumeEncryption" but somehow I am unable to configure encryption. I am
also new to openstack so it 

> would be really nice of you guys if you can share your knowledge with me
to configure it. If someone has 

> already did it then kindly tell me what changes do I need to make in order
to accomplish it.

> And one more thing, it is written in that blueprint that encryption in VM
is not possible. Is that true?

> Waiting for positive reply.

> --

> Tauqeer Ahmad

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130627/016d3d83/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4622 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130627/016d3d83/attachment.bin>

More information about the OpenStack-dev mailing list