[Yahoo-eng-team] [Bug 1749418] Re: swap volume not blocked between an unencrypted and encrypted volume while using QEMU to natively decrypt

OpenStack Infra Mon, 09 Apr 2018 11:31:33 -0700

Reviewed:  https://review.openstack.org/544238
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=7ceccee056cb8f50cb5efebd5156cfc56d8e4af7
Submitter: Zuul
Branch:    master


commit 7ceccee056cb8f50cb5efebd5156cfc56d8e4af7
Author: Lee Yarwood <lyarw...@redhat.com>
Date:   Wed Feb 14 10:19:24 2018 +0000

    libvirt: Block swapping to an encrypted volume when using QEMU to decrypt
    
    The original check in Ibfa64f18bbd2fb70db7791330ed1a64fe61c1355 only
    blocked swap volume _from_ an encrypted LUKS volume while using native
    QEMU decryption. This change expands that check to also block swap
    volume when swapping _to_ an encrypted LUKS volume while using native
    QEMU decryption, regardless of the original volume being encrypted.
    
    Change-Id: I258127fdcd011ccec721d5ff62eb7f128f130336
    Closes-bug: #1749418


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1749418

Title:
  swap volume not blocked between an unencrypted and encrypted volume
  while using QEMU to natively decrypt

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) queens series:
  Confirmed

Bug description:
  Description
  ===========
  The original check [1] introduced in Queens only handles cases where we are 
swapping from an encrypted LUKS volume and does not handle swapping from an 
unencrypted volume into an encrypted LUKS volume. This still needs to be 
blocked pending additional QEMU/libvirt wiring to allow data to be rebased into 
an encrypted LUKS disk while using QEMU to natively read and write to the disk.

  [1]
  https://review.openstack.org/#/c/523958/18/nova/virt/libvirt/driver.py@1487

  Steps to reproduce
  ==================
  Swap between an unencrypted volume to a LUKS encrypted volume in >=Queens 
with the native QEMU decryption requirements met (QEMU >=2.6 and Libvirt 
>=2.2.0 ).

  Expected result
  ===============
  This is blocked by n-cpu with a NotImplementedError raised.

  Actual result
  =============
  This is allowed but ultimately fails due to Libvirt being unable to rebase 
into the encrypted disk.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1749418/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1749418] Re: swap volume not blocked between an unencrypted and encrypted volume while using QEMU to natively decrypt

Reply via email to