From 725629a2dc168fe7db7cc1efe6637734108f3d3b Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Thu, 23 Mar 2017 12:07:54 -0400 Subject: [PATCH] RemoteFS: prevent creation of encrypted volumes Support for volume encryption of FS-based volumes is not currently implemented in Nova. Creating encrypted volumes with these drivers can result in dangerous and undesired behavior. Block creation of encrypted volumes for these drivers until this is supported. This adds a per-driver switch which can be used to enable this for individual RemoteFS drivers as they are tested. Closes-Bug: #1675469 Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3 (cherry picked from commit e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3) (cherry picked from commit 689d7468513df4b5c7d032314fdf1d4e3e8f6ebc) Conflicts: cinder/volume/drivers/remotefs.py --- cinder/volume/drivers/remotefs.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cinder/volume/drivers/remotefs.py b/cinder/volume/drivers/remotefs.py index 1961178277a..2c0a6109b73 100644 --- a/cinder/volume/drivers/remotefs.py +++ b/cinder/volume/drivers/remotefs.py @@ -151,6 +151,7 @@ class RemoteFSDriver(driver.LocalVD, driver.TransferVD, driver.BaseVD): self._mounted_shares = [] self._execute_as_root = True self._is_voldb_empty_at_startup = kwargs.pop('is_vol_db_empty', None) + self._supports_encryption = False if self.configuration: self.configuration.append_config_values(nas_opts) @@ -235,6 +236,11 @@ class RemoteFSDriver(driver.LocalVD, driver.TransferVD, driver.BaseVD): :param volume: volume reference :returns: provider_location update dict for database """ + + if volume.encryption_key_id and not self._supports_encryption: + message = _("Encryption is not yet supported.") + raise exception.VolumeDriverException(message=message) + self._ensure_shares_mounted() volume.provider_location = self._find_share(volume.size)