Has anyone tried using encrypted ephemeral storage for nova?
I setup nova to use LVM as it's backend and added the
[ephemeral_storage_encryption] and [keymgr] sections to nova.conf. Upon
booting a new instance, the instance volume is named as if it's encrypted
("-dmcrypt" is appended to the volume name), but it is not encrypted. No
errors in the logs.
Looking at the source code, I don't see "cryptsetup luksFormat" being
called anywhere.
Is this feature half-baked, or am I misunderstanding how it's supposed to
work?
I'm running Kilo.
Thanks,
-Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160407/18c2526c/attachment.html>