yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1532688] Re: Testing volume encryption fails

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Nguyen Truong Son <1532688@xxxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jan 2016 01:12:58 -0000
Reply-to: Bug 1532688 <1532688@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: openstack-manuals
       Status: New => Invalid

** Changed in: nova
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1532688

Title:
  Testing volume encryption fails

Status in OpenStack Compute (nova):
  Invalid
Status in openstack-manuals:
  Invalid

Bug description:
  Hi

  I deploy openstack liberty with nfs cinder and barbican key manager.
  When attaching encrypted volume to instance, in compute host run the
  command:

  sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup --batch-mode
  luksFormat --key-file=- --cipher aes-xts-plain64 --key-size 512
  /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
  /volume-ac170625-e126-4f01-b123-55f864125821

  After that, it run the command:

  sudo nova-rootwrap /etc/nova/rootwrap.conf cryptsetup luksOpen --key-
  file=-
  /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
  /volume-ac170625-e126-4f01-b123-55f864125821 volume-
  ac170625-e126-4f01-b123-55f864125821

  The luksOpen does things: original cinder volume file is deleted, and it is a link pointed to the encrypted device.
  See: https://bugs.launchpad.net/nova/+bug/1511255

  compute host is where cryptsetup is run, so it can read data from
  volume.

  When run command to test: strings
  /home/openstack/deployment/lib/nova/mnt/014350d8bf61a4224293d8dd521b6438
  /volume-ac170625-e126-4f01-b123-55f864125821 | grep "Hello"

  Result is:

  Hello, world (unencrypted /dev/vdb)
  Hello, world (encrypted /dev/vdc)

  -----------------------------------
  Built: 2016-01-10T11:13:36 00:00
  git SHA: 2e180b474baadea9df8d9ae5f73a0cf8e150a417
  URL: http://docs.openstack.org/liberty/config-reference/content/section_testing_encryption.html
  source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/config-reference/block-storage/section_volume-encryption.xml
  xml:id: section_testing_encryption

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1532688/+subscriptions