[nova][ops] seeking input about local/ephemeral disk encryption feature naming
melwittt at gmail.com
Wed Jul 13 23:16:58 UTC 2022
A potential issue regarding naming has come up during review of the
ephemeral storage encryption feature  patch series  and we're
looking for input before moving forward with any naming/terminology
changes across the specs and the entire patch series.
The concern that has been raised is around use of the term "ephemeral"
for the name of this feature including traits, extra specs, and image
For context, the objective of this feature is to provide users with the
ability to specify that all local disks for the instance be encrypted.
This includes the root disk and any other local disks.
The initial concern is around use of the word "ephemeral" for the root disk.
My general interpretation of the word "ephemeral" for storage in nova
has been that it means attached storage that only persists for the
lifetime of the instance and is destroyed if and when the instance is
destroyed. This is in contrast to attached cinder volumes which can
persist after instance deletion.
But should "ephemeral" ever be used to describe a root disk? Is it
incorrect and/or ambiguous to refer to it as such?
This is part of what is being discussed in .
During discussion, I also realized there is a separate gap in the above
interpretation of "ephemeral" in nova. When cinder volumes are attached
to an instance, their persistence after the instance is deleted depends
on whether the 'delete_on_termination' attribute is set to true in the
request payload when the instance is created  or when attaching a
volume to the instance  or updating a volume attached to the instance
This means that in the currently proposed patches, if a user specifies
hw:ephemeral_encryption in the extra_specs, for example, and they also
have a volume with delete_on_termination=True attached, only the root
disk will be encrypted via the extra spec -- the volume would not be
encrypted. Encryption of the volume has to be requested in cinder.
Could this mislead a user into thinking both the root disk and cinder
volume are encrypted when only the root disk is?
Because of the above issues, we are considering whether we should change
the terminology used in this feature at this stage. Some ideas include
"local encryption", "local disk encryption", "disk encryption". IMHO
"disk_encryption" is ambiguous in its own way because an attached cinder
volume also has a disk.
Changing the naming will be a non-trivial amount of work, so we wanted
to get additional input before going ahead with such a change.
Another thing noted in a comment on another patch in the series  is
that the os-traits for this feature have already been merged . If we
decide to change the naming, should we go ahead and use these traits
as-is and have them not match the naming in nova or should we deprecate
them and add new traits that match the new name and use those?
I hope this makes sense and your input would be much appreciated.
More information about the openstack-discuss