EncryptionInOpenstack
Encryption in OpenStack
Just some notes and bits 'n' bobs I have gathered on various encryption efforts in various projects. Ultimately this page should become a reasonable overview of encryption usage as it develops across OpenStack. Please edit and extend this as desired.
Nova Ephemeral
(The disks Nova creates that live on the compute node)
Summary:
Work is progressing; Barbican key manager integration has now been accepted and merged.
Link(s) to relevant blueprints:
- https://blueprints.launchpad.net/nova/+spec/encryption-with-barbican Nova key manager with Barbican.
- https://blueprints.launchpad.net/nova/+spec/encryption-with-barbican Barbican key manager.
- https://blueprints.launchpad.net/nova/+spec/encrypt-ephemeral-storage-ecryptfs Work to add eCryptfs.
Link(s) to relevant reviews:
- https://review.openstack.org/#/c/40467/ - Adds ephemeral storage encryption for LVM backend, merged.
- https://review.openstack.org/#/c/104001/ - Adds Barbican key manager wrapper
- https://review.openstack.org/#/c/30973/ - Adds key manager, merged.
Link(s) to IRC/Other discussions:
Cinder
One line summary:
Encryption for Cinder volumes was added during Havana, but not integrated into Horizon. Cinder has initial Barbican integration for key management.
Link(s) to relevant blueprints:
Link(s) to relevant reviews:
- https://review.openstack.org/#/c/104339/ - Adds Barbican key manager, merged.
- https://review.openstack.org/#/c/39292/ - Key manager interface. Merged.
- https://review.openstack.org/#/c/71125/ - Adds encrypted volume indicator to Horizon, merged.
- https://review.openstack.org/#/c/57715/ - Horizon support for Cinder volume type encryption
- https://review.openstack.org/#/c/72024/ - Update and delete for Cinder volume type encryption
- https://review.openstack.org/#/c/57715/ - Add encryption type update to Cinder client
Link(s) to IRC/Other discussions:
Notes:
Swift
One line summary:
Lots of discussions going on and spec work at the moment.
Link(s) to relevant blueprints:
- https://blueprints.launchpad.net/swift/+spec/encrypted-objects
- https://blueprints.launchpad.net/swift/+spec/swift-enc-proxy
Link(s) to relevant reviews:
Link(s) to IRC/Other discussions:
Notes:
Glance
One line summary:
Nothing that I could find.
Link(s) to relevant blueprints:
Link(s) to relevant reviews:
Link(s) to IRC/Other discussions:
Notes:
Glance seems to have no encryption-specific stuff. It may get this from Swift containers, though, once Swift's encryption efforts develop.
Other Stuff
- Barbican use in LBaaS from Neutron: https://blueprints.launchpad.net/neutron/+spec/lbaas-ssl-termination