Switch to os-brick encryptor provider implementations
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Wishlist
|
Lee Yarwood | ||
Bug Description
Description
===========
Nova and os-brick both currently provide encryptor implementations after these were copied into os-brick by the following change :
Copy encryptors from Nova to os-brick
https:/
As these are now at risk of becoming out of sync with Nova due to bug#1639221, bug#1633518 & bug#1639293 we should really re-sync everything with os-brick and remove the implementations from Nova.
Steps to reproduce
==================
Attach an encrypted volume to an instance.
Expected result
===============
encryptor implementations supplied by os-brick.
Actual result
=============
encryptor implementations supplied by Nova.
Environment
===========
1. Exact version of OpenStack you are running. See the following
Ocata master
2. Which hypervisor did you use?
libvirt appears to be the only virt-driver using these implementations at present.
2. Which storage type did you use?
N/A
3. Which networking type did you use?
N/A
Logs & Configs
==============
N/A
| Changed in nova: | |
| assignee: | nobody → Lee Yarwood (lyarwood) |
| Lee Yarwood (lyarwood) wrote | #1 |
| Changed in nova: | |
| status: | New → In Progress |
| Sean McGinnis (sean-mcginnis) wrote | #2 |
| Changed in os-brick: | |
| status: | New → Incomplete |
| no longer affects: | os-brick |
| Changed in nova: | |
| importance: | Undecided → Wishlist |
| Sean Dague (sdague) wrote | #3 |
| Changed in nova: | |
| status: | In Progress → New |
| assignee: | Lee Yarwood (lyarwood) → nobody |
| Matt Riedemann (mriedem) wrote | #5 |
| Changed in nova: | |
| milestone: | none → pike-2 |
| status: | New → Fix Released |
| assignee: | nobody → Lee Yarwood (lyarwood) |
Documenting the additional fixes that have landed in os-brick since the original copy. Note that the original copy itself refactored a few things so re-syncing is going to be FUN!
# cd os-brick
# git rev-parse HEAD
fb0b7e3e3ef32d4
# git log os_brick/
commit 9daa20e78e0a3bb
Author: lisali <email address hidden>
Date: Tue Aug 16 15:37:35 2016 +0800
Add missing %s in print message
This is to add some missing %s in print message.
Change-Id: I7ac9b9ee8874d9
commit 14df0c7721d0a8a
Author: yuyafei <email address hidden>
Date: Sat Jul 9 10:17:48 2016 +0800
Remove unused LOG to keep code clean
TrivialFix
Change-Id: I2dde2430011a77
commit 9d2bb5e15de92c7
Author: lisali <email address hidden>
Date: Wed Jul 6 13:48:20 2016 +0800
Fix multipath iSCSI encrypted volume attach failure
This is to copy fix of bug 1439869 from Nova to os-brick.
Currently iSCSI volume attachment fails if iscsi_use_multipath is
set to True. This is because the encryptor requests cryptsetup
to create the symlink to the LUKS device with the same name of
the device-mapper multipath device. To avoid the name collision,
this patch adds the 'crypt-' prefix to the symlink.
Change-Id: Ia001204df9b14f
Closes-Bug: #1439869
commit 05827810ca931da
Author: LisaLi <email address hidden>
Date: Thu Nov 19 08:55:36 2015 +0000
Copy encryptors from Nova to os-brick
Currently, when creating an encrypted volume from an image, Cinder
writes raw data to the encrypted volume. When Cinder uploads an
encrypted volume to an image, it writes encrypted data to the image.
As a result, Nova cannot use these images or volumes.
To fix above problem, cinder needs to add encryptor attach/detach
layers.
As both Nova and Cinder needs to use the module, the fix is to
move it to os-brick.
It copies encryptors from Nova to os-brick, and keep all interfaces
unchanged except initialization.
Change-Id: I8044183ad02110
Implements: blueprint improve-
Related-bug: #1482464
Related-bug: #1465656