[openstack-dev] [cinder][glance]Upload encrypted volumes to images

Duncan Thomas duncan.thomas at gmail.com
Mon Nov 23 07:39:14 UTC 2015


(1) is what we were working towards. To my mind, it is the right option.

(2) Means that you have an encryption key shared between volumes, same as
backups currently. It also means you can't share images, which is very
limiting.

(3) Makes BFV basically useless with encrypted volumes. Given there are
plenty of people who'd like to use BFV and need encrypted volumes, we'd
basically be pushing those people off to a backend that manages encryption
itself, which none of the free/libre backends do currently AFAIK.

On 23 November 2015 at 05:45, Li, Xiaoyan <xiaoyan.li at intel.com> wrote:

> Hi all,
> More help about volume encryption is needed.
>
> About uploading encrypted volumes to image, there are three options:
> 1. Glance only keeps non-encrypted images. So when uploading encrypted
> volumes to image, cinder decrypts the data and uploads it.
> 2. Glance maintains encrypted images. Cinder just uploads the encrypted data
> to image.
> 3. Just prevent the function from uploading encrypted volumes to images.
>
> Option 1: No changes needed in Glance. But it may not be safe, as we
> decrypt the data and upload it to images.
> Option 2: This imports encryption into Glance, which needs to manage the
> encryption metadata.
>
> Please add more if you have other suggestions. Which one do you think
> is preferred?
> I appreciate your help.
>
> Best wishes
> Lisa



-- 
Duncan Thomas