[openstack-dev] Configuring dm-crypt inside Host
Benjamin, Bruce P.
Bruce.Benjamin at jhuapl.edu
Thu Jun 27 16:51:33 UTC 2013
Tauqeer,
You need to add the volume encryption code into the repository, since it
hasn't been accepted yet into the
OpenStack master branch. Info is below from Nate Reller on how to set this
up. Also, to answer your other
question, encrypting data in a VM is currently possible, but it needs to be
manually configured within the VM
by the end user.
The code you need to add Volume Encryption can be found using the links
below. You will need to integrate this
code into some repository. Then update your devstack configuration file to
use the location where you merged
the code.
https://review.openstack.org/#/c/30974/ - Cinder changes
https://review.openstack.org/#/c/30976/ - Nova changes that use hard-coded
key
https://review.openstack.org/#/c/30973/ - Nova changes to incorporate key
manager interface (I don't think this
is necessary for running the test from the blueprint)
We suggest creating a new empty repo for Cinder and Nova. Then have the
master branches of those be our code
from the links above. Then configure devstack to use the master branch from
the new repos you created for Cinder
and Nova.
Create the encrypted volumes from the command line. I'm not sure if the
changes in Horizon are there by default
or not.
> Date: Thu, 27 Jun 2013 00:00:19 +0200
> From: Tauqeer Ahmad <tauqeer.ahmad at rwth-aachen.de>
> Subject: [openstack-dev] Configuring dm-crypt inside Host
> Dear members,
> I was trying to configure dm-crypt in my openstack without creating
virtual machines. I read the blueprint
> "VolumeEncryption" but somehow I am unable to configure encryption. I am
also new to openstack so it
> would be really nice of you guys if you can share your knowledge with me
to configure it. If someone has
> already did it then kindly tell me what changes do I need to make in order
to accomplish it.
> And one more thing, it is written in that blueprint that encryption in VM
is not possible. Is that true?
> Waiting for positive reply.
> --
> Tauqeer Ahmad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130627/016d3d83/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4622 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130627/016d3d83/attachment.bin>
More information about the OpenStack-dev
mailing list