Indeed, it works only for iSCSI Cinder backends. I believe there are at least two ways in which volume encryption for Ceph could be achieved:

- by implementing encryption at the librbd level (user space)
- by rewriting Ceph's Cinder plugin to attach RBD images not through libvirt/librbd but through the native Linux kernel RBD driver, and stacking LUKS atop RBD (the device-mapper way)

Regards,
Adam

On Thu, Jul 30, 2015 at 8:02 AM, Li, Xiaoyan <xiaoyan...@intel.com> wrote:
> Hi all,
>
> I created an encryption type, and created a volume in Ceph with the volume
> type.
>
>> cinder encryption-type-create
>
> But failed to attach it to a VM. The error message shows that there is no
> device_path in connection_info.
>
> 2015-07-30 05:55:57.117 TRACE oslo_messaging.rpc.dispatcher     self.symlink_path = connection_info['data']['device_path']
> 2015-07-30 05:55:57.117 TRACE oslo_messaging.rpc.dispatcher KeyError: 'device_path'
>
> Two questions:
> 1. Is it not supported to create a volume in Ceph with an encrypted volume type?
> 2. If yes, should we prohibit creating a Ceph volume with an encrypted
> volume type?
>
> Best wishes
> Lisa
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Adam Heczko
Security Engineer @ Mirantis Inc.