[Openstack-operators] [nova] Do we have users of CryptsetupEncryptor and if so why?
Lee Yarwood
lyarwood at redhat.com
Mon Nov 7 17:42:02 UTC 2016
Hello all,
The following bug was recently discovered where encrypted volumes
created prior to Newton use a slightly mangled passphrase :
The passphrase used to encrypt or decrypt volumes was mangled prior to Newton
https://launchpad.net/bugs/1633518
This is currently being resolved for LUKS based volumes in the following
change with the incorrect passphrase being removed and replaced :
encryptors: Workaround mangled passphrases
https://review.openstack.org/#/c/386670/
Unfortunately we can't do the same for volumes using the plain format
provided by the CryptsetupEncryptor class. While the above change does
include a workaround it would be better if we could deprecate this
format and encryptor for new volumes ASAP and move everyone to LUKS etc.
Before deprecating CryptsetupEncryptor I wanted to ask this list if we
have any active users of this encryptor and if so why is it being used?
Is there a specific use case where plain is better than LUKS and thus
needs to stay around?
Thanks in advance,
Lee
--
Lee Yarwood
Senior Software Engineer
Red Hat
PGP : A5D1 9385 88CB 7E5F BE64 6618 BCA6 6E33 F672 2D76
More information about the OpenStack-operators
mailing list