Reviewed: https://review.openstack.org/544238 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=7ceccee056cb8f50cb5efebd5156cfc56d8e4af7 Submitter: Zuul Branch: master
commit 7ceccee056cb8f50cb5efebd5156cfc56d8e4af7 Author: Lee Yarwood <lyarw...@redhat.com> Date: Wed Feb 14 10:19:24 2018 +0000 libvirt: Block swapping to an encrypted volume when using QEMU to decrypt The original check in Ibfa64f18bbd2fb70db7791330ed1a64fe61c1355 only blocked swap volume _from_ an encrypted LUKS volume while using native QEMU decryption. This change expands that check to also block swap volume when swapping _to_ an encrypted LUKS volume while using native QEMU decryption, regardless of the original volume being encrypted. Change-Id: I258127fdcd011ccec721d5ff62eb7f128f130336 Closes-bug: #1749418 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1749418 Title: swap volume not blocked between an unencrypted and encrypted volume while using QEMU to natively decrypt Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) queens series: Confirmed Bug description: Description =========== The original check [1] introduced in Queens only handles cases where we are swapping from an encrypted LUKS volume and does not handle swapping from an unencrypted volume into an encrypted LUKS volume. This still needs to be blocked pending additional QEMU/libvirt wiring to allow data to be rebased into an encrypted LUKS disk while using QEMU to natively read and write to the disk. [1] https://review.openstack.org/#/c/523958/18/nova/virt/libvirt/driver.py@1487 Steps to reproduce ================== Swap between an unencrypted volume to a LUKS encrypted volume in >=Queens with the native QEMU decryption requirements met (QEMU >=2.6 and Libvirt >=2.2.0 ). Expected result =============== This is blocked by n-cpu with a NotImplementedError raised. Actual result ============= This is allowed but ultimately fails due to Libvirt being unable to rebase into the encrypted disk. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1749418/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp