[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

Bhandaru, Malini K malini.k.bhandaru at intel.com
Fri Sep 6 23:39:14 UTC 2013


Thank you Russell for the special consideration.
+1

The positive vote is for multiple reasons; the JHU team took care of:
1) boot from encrypted volume
2) have laid the foundation for securing volumes with keys served from a strong key manager
3) blueprint and diligently addressing concerns
4) feature by default off.

Regards
malini

-----Original Message-----
From: Russell Bryant [mailto:rbryant at redhat.com] 
Sent: Friday, September 06, 2013 2:47 PM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

On 09/06/2013 04:14 PM, Benjamin, Bruce P. wrote:
> We request that volume encryption [1] be granted an exception to the 
> feature freeze for Havana-3.  Volume encryption [2] provides a usable 
> layer of protection to user data as it is transmitted through a 
> network and when it is stored on disk. The main patch [2] has been 
> under review since the end of May and had received two +2s in mid-August.
> Subsequently, support was requested for booting from encrypted volumes 
> and integrating a working key manager [3][4] as a stipulation for 
> acceptance, and both these requests have been satisfied within the 
> past week. The risk of disruption to deployments from this exception 
> is minimal because the volume encryption feature is unused by default.
> Note that the corresponding Cinder support for this feature has 
> already been approved, so acceptance into Nova will keep this code from
> becoming abandoned. Thank you for your consideration.
>
> The APL Development Team
>
> [1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
> [2] https://review.openstack.org/#/c/30976/
> [3] https://review.openstack.org/#/c/45103/
> [4] https://review.openstack.org/#/c/45123/

Thanks for all of your hard work on this!  It sounds to me like the code was ready to go aside from the issues you mentioned above, which have now been addressed.

I think the feature provides a lot of value and has fairly low risk if we get it merged ASAP, since it's off by default.  The main risk is around the possibility of security vulnerabilities.  Hopefully good review (both from a code and security perspective) can mitigate that risk.  This feature has been in the works for a while and has very good documentation on the blueprint, so I take it that it has been vetted by a number of people already.  It would be good to get ACKs on this point in this thread.

I would be good with the exception for this, assuming that:

1) Those from nova-core that have reviewed the code are still happy with it and would do a final review to get it merged.

2) There is general consensus that the simple config based key manager (single key) does provide some amount of useful security.  I believe it does, just want to make sure we're in agreement on it.  Obviously we want to improve this in the future.

Again, thank you very much for all of your work on this (both technical and non-technical)!

--
Russell Bryant
