Open Stack

On 23/11/15 03:45 +0000, Li, Xiaoyan wrote:
>Hi all,
>More help about volume encryption is needed.
>
>About uploading encrypted volumes to image, there are three options:
>1. Glance only keeps non-encrypted images. So when uploading encrypted volumes to image, cinder de-crypts the data and upload.
>2. Glance maintain encrypted images. Cinder just upload the encrypted data to image.
>3. Just prevent the function to upload encrypted volumes to images.


The subject and content of this email explicitly mentions uploads and
therefore I think #1 is probably the best option here. However, it is
also possible to create an image and make it point to a cinder
location. Then, you could have nova boot from that as if it was
booting from a cinder volume. That way, the image won't be sent to
Glance and it'll remain encrypted in its volume.

Hope I didn't digress from the requirements with that option, which is
still valid.

Flavio

>
>Option 1 No changes needed in Glance. But it may be not safe. As we decrypt the data, and upload it to images.
>Option 2 This imports encryption to Glance which needs to manage the encryption metadata.
>
>Please add more if you have other suggestions. How do you think which one is preferred.
>Appreciate for your help.
>
>Best wishes
>Lisa
>
>
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-- 
@flaper87
Flavio Percoco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151123/ed72cb3d/attachment-0001.pgp>