[openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

Julia Kreger juliaashleykreger at gmail.com
Fri Sep 28 01:38:44 UTC 2018


I suspect the avenue of at least three different specs is likely going
to be the best path forward and likely what will be required for each
project to fully understand how/what/why. From my point of view, I'm
quite interested in this from a Nova point of view because that is the
initial user interaction point for majority of activities. I'm also
wondering if this is virt driver specific, or if it can be applied to
multiple virt drivers in the nova tree, since each virt driver has
varying constraints. So maybe the best path forward is something nova
centric to start?


On Thu, Sep 27, 2018 at 10:36 AM Markus Hentsch
<markus.hentsch at secustack.com> wrote:
> Dear OpenStack developers,
> we would like to propose the introduction of an encrypted image format
> in OpenStack. We already created a basic implementation involving Nova,
> Cinder, OSC and Glance, which we'd like to contribute.
> We originally created a full spec document but since the official
> cross-project contribution workflow in OpenStack is a thing of the past,
> we have no single repository to upload it to. Thus, the Glance team
> advised us to post this on the mailing list [1].
> Ironically, Glance is the least affected project since the image
> transformation processes affected are taking place elsewhere (Nova and
> Cinder mostly).
> Below you'll find the most important parts of our spec that describe our
> proposal - which our current implementation is based on. We'd love to
> hear your feedback on the topic and would like to encourage all affected
> projects to join the discussion.
> Subsequently, we'd like to receive further instructions on how we may
> contribute to all of the affected projects in the most effective and
> collaborative way possible. The Glance team suggested starting with a
> complete spec in the glance-specs repository, followed by individual
> specs/blueprints for the remaining projects [1]. Would that be alright
> for the other teams?
> [1]
> http://eavesdrop.openstack.org/meetings/glance/2018/glance.2018-09-27-14.00.log.html
> Best regards,
> Markus Hentsch

More information about the OpenStack-dev mailing list