[Openstack-operators] [nova] Do we have users of CryptsetupEncryptor and if so why?
Lee Yarwood
lyarwood at redhat.com
Tue Nov 8 14:15:47 UTC 2016
On 07-11-16 17:42:02, Lee Yarwood wrote:
> Hello all,
>
> The following bug was recently discovered where encrypted volumes
> created prior to Newton use a slightly mangled passphrase :
>
> The passphrase used to encrypt or decrypt volumes was mangled prior to Newton
> https://launchpad.net/bugs/1633518
>
> This is currently being resolved for LUKS based volumes in the following
> change with the incorrect passphrase being removed and replaced :
>
> encryptors: Workaround mangled passphrases
> https://review.openstack.org/#/c/386670/
>
> Unfortunately we can't do the same for volumes using the plain format
> provided by the CryptsetupEncryptor class. While the above change does
> include a workaround it would be better if we could deprecate this
> format and encryptor for new volumes ASAP and move everyone to LUKS etc.
>
> Before deprecating CryptsetupEncryptor I wanted to ask this list if we
> have any active users of this encryptor and if so why is it being used?
> Is there a specific use case where plain is better than LUKS and thus
> needs to stay around?
>
> Thanks in advance,
>
> Lee
CC'ing openstack-dev for some additional feedback.
--
Lee Yarwood
Senior Software Engineer
Red Hat
PGP : A5D1 9385 88CB 7E5F BE64 6618 BCA6 6E33 F672 2D76
More information about the OpenStack-operators
mailing list