Hi all, I'm investigating the options for configuring Cinder with encrypted volumes and have a few questions.
The Cinder environment is currently running Kilo which will be upgraded to something between M-O later this year. The Kilo release supports the fixed_key setting. I see fixed_key is still supported, but has been abstracted into Castellan. Question: If I configure Kilo with a fixed key, will existing volumes still be able to work with that same fixed key in an M, N, O release? Next, fixed_key is discouraged because of it being a single key for all tenants. My understanding is that Barbican provides a way for each tenant to generate their own key. Question: If I deploy with fixed_key (either now or in a later release), can I move from a master key to Barbican without bricking all existing volumes? Are there any other issues to be aware of? I've done a bunch of Googling and searching on bugs.launchpad.net and am pretty satisfied with the current state of support. My intention is to provide users with simple native encrypted volume support - not so much supporting uploaded volumes, bootable volumes, etc. But what I want to make sure of is that I'm not in a position where in order to upgrade, a bunch of volumes become irrecoverable. Thanks, Joe
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
