Add release note for QEMU native LUKS decryption

Part of blueprint libvirt-qemu-native-luks

Change-Id: Ifad80fbad54e31986af5da265d37b8ce4a01ef10
This commit is contained in:
melanie witt 2018-01-24 20:07:10 +00:00
parent f8e24c33f8
commit e04ef32244
1 changed files with 18 additions and 0 deletions

View File

@ -0,0 +1,18 @@
---
features:
- |
QEMU 2.6.0 and Libvirt 2.2.0 allow LUKS encrypted RAW files, block devices
and network devices (such as rbd) to be decrypted natively by QEMU.
If qemu >= 2.6.0 and libvirt >= 2.2.0 are installed and the volume
encryption provider is 'luks', the libvirt driver will use native QEMU
decryption for encrypted volumes. The libvirt driver will generate a secret
to hold the LUKS passphrase for unlocking the volume and the volume driver
will use the secret to generate the required encryption XML for the disk.
QEMU will then be able to read from and write to the encrypted disk
natively, without the need of os-brick encryptors.
Instances that have attached encrypted volumes from before Queens will
continue to use os-brick encryptors after a live migration or direct
upgrade to Queens. A full reboot or another live migration between Queens
compute hosts is required before the instance will attempt to use QEMU
native LUKS decryption.