Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-07 Thread Coffman, Joel M.
On 12/2/15, 4:01 PM, "Ben Swartzlander" wrote: >On 11/30/2015 09:04 AM, Coffman, Joel M. wrote: >> >> >> On 11/25/15, 11:33 AM, "Ben Swartzlander" > > wrote: >> >> On 11/24/2015 03:27 PM, Nathan Reller wrote: >> >>

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-07 Thread Li, Xiaoyan
> -Original Message- > From: Ben Swartzlander [mailto:b...@swartzlander.org] > Sent: Friday, December 4, 2015 2:45 AM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick > > O

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-03 Thread Duncan Thomas
On 3 December 2015 at 11:14, Li, Xiaoyan wrote: > Just to clear the data operations cinder needs to touch plaintext data are: > 1) Create volume from glance image > 2) Create glance image from volume > 3) Retype encrypted volumes. That is to change a volume from

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-03 Thread Li, Xiaoyan
Thank you, Ben. I agree with you, and just to clear the cinder operations which needs to decrypt volumes in following. On Dec 3, 2015 05:01, Ben Swartzlander wrote: > On 11/30/2015 09:04 AM, Coffman, Joel M. wrote: >> >> >> On 11/25/15, 11:33 AM, "Ben Swartzlander" >

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-03 Thread Li, Xiaoyan
From: Coffman, Joel M. [mailto:joel.coff...@jhuapl.edu] Sent: Thursday, December 3, 2015 2:07 AM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick From: "duncan.tho...@gmail.com<mailto:duncan.tho...@gmail.com>" <dunc

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-03 Thread Ben Swartzlander
On 12/03/2015 07:40 AM, Duncan Thomas wrote: On 3 December 2015 at 11:14, Li, Xiaoyan > wrote: Just to clear the data operations cinder needs to touch plaintext data are: 1) Create volume from glance image 2) Create glance

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-02 Thread Coffman, Joel M.
<mailto:openstack-dev@lists.openstack.org>> Date: Monday, November 30, 2015 at 9:13 AM To: "openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Subject: Re: [op

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-12-02 Thread Ben Swartzlander
On 11/30/2015 09:04 AM, Coffman, Joel M. wrote: On 11/25/15, 11:33 AM, "Ben Swartzlander" > wrote: On 11/24/2015 03:27 PM, Nathan Reller wrote: the cinder admin and the nova admin are ALWAYS the same people There

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-30 Thread Coffman, Joel M.
On 11/25/15, 11:33 AM, "Ben Swartzlander" > wrote: On 11/24/2015 03:27 PM, Nathan Reller wrote: the cinder admin and the nova admin are ALWAYS the same people There is interest in hybrid clouds where the Nova and Cinder services are managed

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-30 Thread Duncan Thomas
On 30 November 2015 at 16:04, Coffman, Joel M. wrote: > On 11/25/15, 11:33 AM, "Ben Swartzlander" wrote: > > On 11/24/2015 03:27 PM, Nathan Reller wrote: > > Trying to design a system where we expect nova to do data encryption but > not cinder

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-25 Thread Ben Swartzlander
On 11/24/2015 03:27 PM, Nathan Reller wrote: the cinder admin and the nova admin are ALWAYS the same people There is interest in hybrid clouds where the Nova and Cinder services are managed by different providers. The customer would place higher trust in Nova because you must trust the compute

[openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-24 Thread Nathan Reller
> the cinder admin and the nova admin are ALWAYS the same people There is interest in hybrid clouds where the Nova and Cinder services are managed by different providers. The customer would place higher trust in Nova because you must trust the compute service, and the customer would place less

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-24 Thread Ben Swartzlander
On 11/23/2015 06:03 AM, Daniel P. Berrange wrote: On Fri, Nov 20, 2015 at 02:44:17PM -0500, Ben Swartzlander wrote: On 11/20/2015 01:19 PM, Daniel P. Berrange wrote: On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: Brick does not have to take over the decisions in order to be a

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-24 Thread Farr, Kaitlin M.
- From: Li, Xiaoyan [mailto:xiaoyan.li at intel.com] Sent: Monday, November 23, 2015 8:57 PM To: OpenStack Development Mailing List (not for usage questions); Daniel P. Berrange Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick Hi, Except creating encrypted volume from

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-23 Thread Daniel P. Berrange
On Fri, Nov 20, 2015 at 02:44:17PM -0500, Ben Swartzlander wrote: > On 11/20/2015 01:19 PM, Daniel P. Berrange wrote: > >On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: > >>Brick does not have to take over the decisions in order to be a useful > >>repository for the code. The

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-23 Thread Daniel P. Berrange
On Fri, Nov 20, 2015 at 11:34:29AM -0800, Walter A. Boring IV wrote: > On 11/20/2015 10:19 AM, Daniel P. Berrange wrote: > >On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: > >>Brick does not have to take over the decisions in order to be a useful > >>repository for the code. The

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-23 Thread Duncan Thomas
Hi Daniel Much of this got discussed before. Encrypted images uploaded to glance aren't shareable, and there is definitely a desire by many users to keep the usual glance functionality while having encryption at rest in cinder for e.g. regulatory purposes. There is also some desire to be able

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-23 Thread Li, Xiaoyan
questions) Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick Hi Daniel Much of this got discussed before. Encrypted images uploaded to glance aren't shareable, and there is definitely a desire by many users to keep the usual glance functionality while having encryption at rest

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-23 Thread Li, Xiaoyan
List (not for usage questions); Daniel P. Berrange Subject: Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick Hi, Except creating encrypted volume from images, uploading encrypted volumes to image, as Duncan said there is desire to migrate volumes between encrypted and unencrypted

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-20 Thread Daniel P. Berrange
On Fri, Nov 20, 2015 at 03:22:04AM +, Li, Xiaoyan wrote: > Hi all, > > To fix bug [1][2] in Cinder, Cinder needs to use nova/volume/encryptors[3] > to attach/detach encrypted volumes. > > To decrease the code duplication, I raised a BP[4] to move encryptors to > os-brick[5]. > > Once it is

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-20 Thread Duncan Thomas
Brick does not have to take over the decisions in order to be a useful repository for the code. The motivation for this work is to avoid having the dm setup code copied wholesale into cinder, where it becomes difficult to keep in sync with the code in nova. Cinder needs a copy of this code since

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-20 Thread Daniel P. Berrange
On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: > Brick does not have to take over the decisions in order to be a useful > repository for the code. The motivation for this work is to avoid having > the dm setup code copied wholesale into cinder, where it becomes difficult > to keep

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-20 Thread Walter A. Boring IV
On 11/20/2015 10:19 AM, Daniel P. Berrange wrote: On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: Brick does not have to take over the decisions in order to be a useful repository for the code. The motivation for this work is to avoid having the dm setup code copied wholesale

Re: [openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-20 Thread Ben Swartzlander
On 11/20/2015 01:19 PM, Daniel P. Berrange wrote: On Fri, Nov 20, 2015 at 02:45:15PM +0200, Duncan Thomas wrote: Brick does not have to take over the decisions in order to be a useful repository for the code. The motivation for this work is to avoid having the dm setup code copied wholesale

[openstack-dev] [cinder][nova]Move encryptors to os-brick

2015-11-19 Thread Li, Xiaoyan
Hi all, To fix bug [1][2] in Cinder, Cinder needs to use nova/volume/encryptors[3] to attach/detach encrypted volumes. To decrease the code duplication, I raised a BP[4] to move encryptors to os-brick[5]. Once it is done, Nova needs to update to use the common library. This is BP raised.