[Openstack-operators] [nova] Do we have users of CryptsetupEncryptor and if so why?

Lee Yarwood lyarwood at redhat.com
Mon Nov 7 17:42:02 UTC 2016


Hello all,

The following bug was recently discovered where encrypted volumes
created prior to Newton use a slightly mangled passphrase :

The passphrase used to encrypt or decrypt volumes was mangled prior to Newton
https://launchpad.net/bugs/1633518

This is currently being resolved for LUKS based volumes in the following
change with the incorrect passphrase being removed and replaced :

encryptors: Workaround mangled passphrases
https://review.openstack.org/#/c/386670/

Unfortunately we can't do the same for volumes using the plain format
provided by the CryptsetupEncryptor class. While the above change does
include a workaround it would be better if we could deprecate this
format and encryptor for new volumes ASAP and move everyone to LUKS etc.

Before deprecating CryptsetupEncryptor I wanted to ask this list if we
have any active users of this encryptor and if so why is it being used?
Is there a specific use case where plain is better than LUKS and thus
needs to stay around?

Thanks in advance,

Lee
-- 
Lee Yarwood
Senior Software Engineer
Red Hat

PGP : A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76



More information about the OpenStack-operators mailing list