Browse Source

Added encryption support for volumes

The modifications are to the volumes/cinder area of the dashboard. In
the cinder client's API, we exposed the metadata parameter in the
"create" method, and then added a choice field to the create form to
(optionally) select an encryption mode.  The user's selection is then
passed in to cinder as volume metadata.  We also modified the detailed
volume view to display all metadata associated with a volume.  We also
added a flag in OPENSTACK_HYPERVISOR_FEATURES to enable/disable the
encryption field.  Finally, we added a test case to exercise the
encryption choice field.

The following changes were made to Nova to support this feature:

Added support to encrypt volumes. Modified the libvirt driver to
encrypt volumes during the attach call. Created a new VolumeEncryptor
class that is responsible for encrypting volumes. The default
implementation does not do enryption, and a DmCryptVolumeEncryptor is
provided to encrypt volumes using dmcrypt.

Added a new KeyManager interface. The KeyManager is used by the
VolumeEncryptor to retrieve the key necessary for encryption.

Change-Id: Idb6a923f0e3fa52ca800ebd621e247d972b7c714
Implements: blueprint volume-encryption-field
changes/21/514521/1
Nathan Reller 9 years ago
parent
commit
f9aef5b9d3
  1. 6
      openstack_dashboard/test/settings.py

6
openstack_dashboard/test/settings.py

@ -75,7 +75,11 @@ OPENSTACK_KEYSTONE_BACKEND = {
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': True
'can_set_mount_point': True,
# NOTE: as of Grizzly this is not yet supported in Nova so enabling this
# setting will not do anything useful
'can_encrypt_volumes': False
}
LOGGING['loggers']['openstack_dashboard'] = {

Loading…
Cancel
Save