Cinder

multiattach should not be supported when using volume encryption

Bug #1770689 reported by Eric Harney
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Eric Harney

Bug Description

We don't have any reason to believe that the LUKS layer we use for volume encryption will work safely in a multi-attach scenario.

We should not allow multi-attach for encrypted volumes.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/567890

Changed in cinder:
assignee: nobody → Eric Harney (eharney)
status: New → In Progress
Eric Harney (eharney)
Changed in cinder:
importance: Undecided → High
tags: added: multiattach
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/567890
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=18327971ca7231807294a6b1dbf3d80c23cb6796
Submitter: Zuul
Branch: master

commit 18327971ca7231807294a6b1dbf3d80c23cb6796
Author: Eric Harney <email address hidden>
Date: Fri May 11 11:56:27 2018 -0400

    Disallow multiattach for encrypted volumes

    We can't assume that the LUKS layer used for
    volume encryption functions in a way that will
    safely work with multiattach.

    Closes-Bug: #1770689

    Change-Id: I613b48a9e89270b2f0266bffc5aeeefad37ce8fb

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/569269

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/queens)

Reviewed: https://review.openstack.org/569269
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d8d9e1cce7e0fc0170b7b195ecc4ee09e10b0774
Submitter: Zuul
Branch: stable/queens

commit d8d9e1cce7e0fc0170b7b195ecc4ee09e10b0774
Author: Eric Harney <email address hidden>
Date: Fri May 11 11:56:27 2018 -0400

    Disallow multiattach for encrypted volumes

    We can't assume that the LUKS layer used for
    volume encryption functions in a way that will
    safely work with multiattach.

    Closes-Bug: #1770689

    Change-Id: I613b48a9e89270b2f0266bffc5aeeefad37ce8fb
    (cherry picked from commit 18327971ca7231807294a6b1dbf3d80c23cb6796)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 12.0.2

This issue was fixed in the openstack/cinder 12.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to cinder (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/572184

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 13.0.0.0b2

This issue was fixed in the openstack/cinder 13.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to cinder (master)

Reviewed: https://review.openstack.org/572184
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=29e1861a484f5d344f8011e4fae3c7c86849854d
Submitter: Zuul
Branch: master

commit 29e1861a484f5d344f8011e4fae3c7c86849854d
Author: Matt Riedemann <email address hidden>
Date: Mon Jun 4 14:49:08 2018 -0400

    Add note about multiattach not supporting encryption to docs

    Per change I613b48a9e89270b2f0266bffc5aeeefad37ce8fb encryption
    is not supported with multiattach-capable volumes.

    Change-Id: Ife204c380a9d3d12938a907dee6d93d01aaec0ce
    Related-Bug: #1770689

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.