yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #44701
[Bug 1532688] Re: Testing volume encryption fails
** Changed in: openstack-manuals
Status: New => Invalid
** Changed in: nova
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1532688
Title:
Testing volume encryption fails
Status in OpenStack Compute (nova):
Invalid
Status in openstack-manuals:
Invalid
Bug description:
Hi
I deploy openstack liberty with nfs cinder and barbican key manager.
When attaching encrypted volume to instance, in compute host run the
command:
sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup --batch-mode
luksFormat --key-file=- --cipher aes-xts-plain64 --key-size 512
/home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
/volume-ac170625-e126-4f01-b123-55f864125821
After that, it run the command:
sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-
file=-
/home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
/volume-ac170625-e126-4f01-b123-55f864125821 volume-
ac170625-e126-4f01-b123-55f864125821
The luksOpen does things: original cinder volume file is deleted, and it is a link pointed to the encrypted device.
See: https://bugs.launchpad.net/nova/+bug/1511255
compute host is where cryptsetup is run, so it can read data from
volume.
When run command to test: strings
/home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
/volume-ac170625-e126-4f01-b123-55f864125821 | grep "Hello"
Result is:
Hello, world (unencrypted /dev/vdb)
Hello, world (encrypted /dev/vdc)
-----------------------------------
Built: 2016-01-10T11:13:36 00:00
git SHA: 2e180b474baadea9df8d9ae5f73a0cf8e150a417
URL: http://docs.openstack.org/liberty/config-reference/content/section_testing_encryption.html
source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/config-reference/block-storage/section_volume-encryption.xml
xml:id: section_testing_encryption
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1532688/+subscriptions