Uploading an encrypted LVM volume to Glance as qcow2 fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Uploading as a raw image works, but uploading as qcow2 fails because qemu-img convert does not have a passphrase passed in to read the source volume and convert it to encrypted qcow2.
Not sure if we should do this conversion, or reject this scenario.
$ cinder upload-to-image --container-format bare --disk-format raw 23236a93-
Sep 19 14:44:37 centos7vm1.
Sep 19 14:44:37 centos7vm1.
Sep 19 14:44:37 centos7vm1.
Sep 19 14:44:37 centos7vm1.
> Not sure if we should do this conversion, or reject this scenario.
My thought is that short-term, reject the conversion. I can see people wanting this ability (to save storage space/cost), but that puts pressure on the c-vol nodes do to the conversion for upload and download (and I don't know whether for most images, the extra time in conversion would be greater or less than the transfer time difference between raw and qcow2). There's also the issue of whether nova can handle an encrypted qcow2. So I'm thinking we can improve the user experience now but wait for clear demand before implementing the conversion. Unless it's super simple to implement. But then I'm still worried about the extra CPU time--I don't think we want to add a config option to allow/disallow this, like we did with the hardware compression accelerator spec. So I'm no help at all here.