cinder wrote unencrypted data to encrypted volumes when creating from an image
Bug #1482464 reported by
Lisa Li
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
High
|
Lisa Li | ||
Kilo |
Fix Released
|
Undecided
|
Lisa Li | ||
Liberty |
Fix Released
|
Undecided
|
Unassigned | ||
os-brick |
Fix Released
|
Undecided
|
Lisa Li |
Bug Description
Currently when cinder creates a encrypted volume from an image, it just reads the original data, and then writes it to the volume.
No encryption here.
As a result, when Nova boots from the volume, it thinks the data is encrypted and then accesses the data through encryption driver.
As a result, it fails to boot.
The work is decided to two parts:
1. Prevent creating encryption volumes through cinder create --image-id
Later,
2. Add the function to read encrypted data from image, encrypted it and then write to encrypted volume.
Related branches
Changed in cinder: | |
importance: | Undecided → High |
Changed in cinder: | |
milestone: | none → liberty-3 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | liberty-3 → 7.0.0 |
Changed in cinder: | |
milestone: | 7.0.0 → ongoing |
status: | Fix Released → Confirmed |
Changed in cinder: | |
status: | Confirmed → In Progress |
Changed in cinder: | |
status: | Triaged → In Progress |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/210219
Review: https:/