On 23/11/15 03:45 +0000, Li, Xiaoyan wrote:
Hi all, More help about volume encryption is needed.About uploading encrypted volumes to image, there are three options: 1. Glance only keeps non-encrypted images. So when uploading encrypted volumes to image, cinder de-crypts the data and upload. 2. Glance maintain encrypted images. Cinder just upload the encrypted data to image. 3. Just prevent the function to upload encrypted volumes to images.
The subject and content of this email explicitly mentions uploads and therefore I think #1 is probably the best option here. However, it is also possible to create an image and make it point to a cinder location. Then, you could have nova boot from that as if it was booting from a cinder volume. That way, the image won't be sent to Glance and it'll remain encrypted in its volume. Hope I didn't digress from the requirements with that option, which is still valid. Flavio
Option 1 No changes needed in Glance. But it may be not safe. As we decrypt the data, and upload it to images. Option 2 This imports encryption to Glance which needs to manage the encryption metadata. Please add more if you have other suggestions. How do you think which one is preferred. Appreciate for your help. Best wishes Lisa __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-- @flaper87 Flavio Percoco
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev