[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

Joe Gordon joe.gordon0 at gmail.com
Fri Sep 6 22:34:06 UTC 2013


On Fri, Sep 6, 2013 at 2:47 PM, Russell Bryant <rbryant at redhat.com> wrote:

> On 09/06/2013 04:14 PM, Benjamin, Bruce P. wrote:
> > We request that volume encryption [1] be granted an exception to the
> > feature freeze for Havana-3.  Volume encryption [2] provides a usable
> > layer of protection to user data as it is transmitted through a network
> > and when it is stored on disk. The main patch [2] has been under review
> > since the end of May and had received two +2s in mid-August.
> > Subsequently, support was requested for booting from encrypted volumes
> > and integrating a working key manager [3][4] as a stipulation for
> > acceptance, and both these requests have been satisfied within the past
> > week. The risk of disruption to deployments from this exception is
> > minimal because the volume encryption feature is unused by default.
> > Note that the corresponding Cinder support for this feature has already
> > been approved, so acceptance into Nova will keep this code from becoming
> > abandoned. Thank you for your consideration.
> >
> > The APL Development Team
> >
> > [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
> >
> > [2] https://review.openstack.org/#/c/30976/
> >
> > [3] https://review.openstack.org/#/c/45103/
> >
> > [4] https://review.openstack.org/#/c/45123/
>
> Thanks for all of your hard work on this!  It sounds to me like the code
> was ready to go aside from the issues you mentioned above, which have
> now been addressed.
>
> I think the feature provides a lot of value and has fairly low risk if
> we get it merged ASAP, since it's off by default.  The main risk is
> around the possibility of security vulnerabilities.  Hopefully good
> review (both from a code and security perspective) can mitigate that
> risk.  This feature has been in the works for a while and has very good
> documentation on the blueprint, so I take it that it has been vetted by
> a number of people already.  It would be good to get ACKs on this point
> in this thread.
>
> I would be good with the exception for this, assuming that:
>
> 1) Those from nova-core that have reviewed the code are still happy with
> it and would do a final review to get it merged.
>

I am happy with what I have seen so far.


>
> 2) There is general consensus that the simple config based key manager
> (single key) does provide some amount of useful security.  I believe it
> does, just want to make sure we're in agreement on it.  Obviously we
> want to improve this in the future.
>
>
I think the config based key manager helps for volumes (move trust away
from the volume server), but not very much for ephemeral storage assuming
ephemeral is local, just like the config file.


> Again, thank you very much for all of your work on this (both technical
> and non-technical)!
>
> --
> Russell Bryant