[openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

hao wang sxmatch1986 at gmail.com
Fri Sep 28 01:50:51 UTC 2018


+1 to Julia's suggestion, Cinder should also have a spec to discuss
the detail about how to implement the creation of volume from an
encrypted image.
Julia Kreger <juliaashleykreger at gmail.com> 于2018年9月28日周五 上午9:39写道:
>
> Greetings!
>
> I suspect the avenue of at least three different specs is likely going
> to be the best path forward and likely what will be required for each
> project to fully understand how/what/why. From my point of view, I'm
> quite interested in this from a Nova point of view because that is the
> initial user interaction point for majority of activities. I'm also
> wondering if this is virt driver specific, or if it can be applied to
> multiple virt drivers in the nova tree, since each virt driver has
> varying constraints. So maybe the best path forward is something nova
> centric to start?
>
> -Julia
>
> On Thu, Sep 27, 2018 at 10:36 AM Markus Hentsch
> <markus.hentsch at secustack.com> wrote:
> >
> > Dear OpenStack developers,
> >
> > we would like to propose the introduction of an encrypted image format
> > in OpenStack. We already created a basic implementation involving Nova,
> > Cinder, OSC and Glance, which we'd like to contribute.
> >
> > We originally created a full spec document but since the official
> > cross-project contribution workflow in OpenStack is a thing of the past,
> > we have no single repository to upload it to. Thus, the Glance team
> > advised us to post this on the mailing list [1].
> >
> > Ironically, Glance is the least affected project since the image
> > transformation processes affected are taking place elsewhere (Nova and
> > Cinder mostly).
> >
> > Below you'll find the most important parts of our spec that describe our
> > proposal - which our current implementation is based on. We'd love to
> > hear your feedback on the topic and would like to encourage all affected
> > projects to join the discussion.
> >
> > Subsequently, we'd like to receive further instructions on how we may
> > contribute to all of the affected projects in the most effective and
> > collaborative way possible. The Glance team suggested starting with a
> > complete spec in the glance-specs repository, followed by individual
> > specs/blueprints for the remaining projects [1]. Would that be alright
> > for the other teams?
> >
> > [1]
> > http://eavesdrop.openstack.org/meetings/glance/2018/glance.2018-09-27-14.00.log.html
> >
> > Best regards,
> > Markus Hentsch
> >
> [trim]
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list