** Also affects: nova (Ubuntu) Importance: Undecided Status: New ** No longer affects: nova (Ubuntu)
** Also affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1532688 Title: Testing volume encryption fails Status in OpenStack Compute (nova): New Status in openstack-manuals: New Bug description: Hi I deploy openstack liberty with nfs cinder and barbican key manager. When attaching encrypted volume to instance, in compute host run the command: sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup --batch-mode luksFormat --key-file=- --cipher aes-xts-plain64 --key-size 512 /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438 /volume-ac170625-e126-4f01-b123-55f864125821 After that, it run the command: sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key- file=- /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438 /volume-ac170625-e126-4f01-b123-55f864125821 volume- ac170625-e126-4f01-b123-55f864125821 The luksOpen does things: original cinder volume file is deleted, and it is a link pointed to the encrypted device. See: https://bugs.launchpad.net/nova/+bug/1511255 compute host is where cryptsetup is run, so it can read data from volume. When run command to test: strings /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438 /volume-ac170625-e126-4f01-b123-55f864125821 | grep "Hello" Result is: Hello, world (unencrypted /dev/vdb) Hello, world (encrypted /dev/vdc) ----------------------------------- Built: 2016-01-10T11:13:36 00:00 git SHA: 2e180b474baadea9df8d9ae5f73a0cf8e150a417 URL: http://docs.openstack.org/liberty/config-reference/content/section_testing_encryption.html source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/config-reference/block-storage/section_volume-encryption.xml xml:id: section_testing_encryption To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1532688/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp