I've been looking into using encrypted ephemeral storage with LVM. With the [ephemeral_storage_encryption] and [keymgr] sections to nova.conf, I get an LVM volume with "-dmcrypt" is appended to the volume name, but otherwise see no difference; I can still grep for text inside the volume.
Upon reading the source, I don't see "cryptsetup luksFormat" being called anywhere (nova/libvirt/storage/*). I was expecting a new encrypted LVM volume when a new instance was created. Are my expectations misplaced? How is this feature envisioned to work? Thanks, -Chris
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev