[openstack-dev] [cinder][nova]Move encryptors to os-brick

Farr, Kaitlin M. Kaitlin.Farr at jhuapl.edu
Tue Nov 24 17:52:45 UTC 2015


Hi Lisa,

In regards to your comment about the duplication of key management code in Cinder and Nova, there was a long-term plan to replace that code with a shared library when the encryption feature was implemented.  The key manager code has been moved to its own library, Castellan [1].  The plan to replace the key manager code with Castellan has been outlined in a Nova spec [2] and Cinder spec [3].  

1. https://github.com/openstack/castellan
2. https://review.openstack.org/#/c/247561/
3. https://review.openstack.org/#/c/247577/

I hope that helps,

Kaitlin Farr

-----Original Message-----
From: Li, Xiaoyan [mailto:xiaoyan.li at intel.com]
Sent: Monday, November 23, 2015 8:57 PM
To: OpenStack Development Mailing List (not for usage questions); Daniel P. Berrange
Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

Hi,

Except creating encrypted volume from images, uploading encrypted volumes to image, as Duncan said there is desire to migrate volumes between encrypted and unencrypted type.
https://review.openstack.org/#/c/248593/

And key magagment codes are duplicated in Cinder and Nova:
https://github.com/openstack/cinder/tree/master/cinder/keymgr
https://github.com/openstack/nova/tree/master/nova/keymgr


Best wishes
Lisa




More information about the OpenStack-dev mailing list