libvirt/utils.py: Remove 'encryption' flag from create_cow_image
Current code in create_cow_image inherits the 'encryption' property of a qcow2 overlay from its backing file (also called base image). However, importantly, even if the base image is encrypted, Nova has no support for unencrypting it. So inherting the 'encryption' property (from the backing file) serves no purpose. (Thanks Dan Berrange for confirming this.) Additionally, qcow2 encryption support is currently deprecated[1], with plans[2] for a better future implementation, by upstream QEMU. Various reasons (not least because of "flawed crypto") for it are noted in the URL below, so it is reasonable to doubt if there are any serious users of encyrpted images with its current design. So, let's remove the 'encryption' flag from now. [1] https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg03433.html -- "block: Deprecate QCOW/QCOW2 encryption" [2] https://www.berrange.com/posts/2015/03/17/qemu-qcow2-built-in-encryption-just-say-no-deprecated-now-to-be-deleted-soon/ Change-Id: If61ee881c21835e5d538d0eb12383b4b4ef2cfd4
This commit is contained in:
parent
04c0e73cd3
commit
ae8bbc4743
|
@ -200,8 +200,6 @@ def create_cow_image(backing_file, path, size=None):
|
|||
# versions which had a different default 'cluster_size'.
|
||||
if base_details and base_details.cluster_size is not None:
|
||||
cow_opts += ['cluster_size=%s' % base_details.cluster_size]
|
||||
if base_details and base_details.encrypted:
|
||||
cow_opts += ['encryption=%s' % base_details.encrypted]
|
||||
if size is not None:
|
||||
cow_opts += ['size=%s' % size]
|
||||
if cow_opts:
|
||||
|
|
Loading…
Reference in New Issue