error when attempting to mark drive type as encrypted

asked 2015-03-02 11:17:32 -0500

iffyshot gravatar image

Hi All

i am trying to set up drive encryption for lvm

so far we have followed

Initial configuration

Configuration changes need to be made to any nodes running the cinder-volume or nova-compute services.

Update cinder-volume servers:

Edit the /etc/cinder/cinder.conf file and add or update the value of the option fixed_key in the [keymgr] section:

[keymgr]

Fixed key returned by key manager, specified in hex (string

value)

fixed_key = 0000000000000000000000000000000000000000000000000000000000000000 Restart cinder-volume.

Update nova-compute servers:

Edit the /etc/nova/nova.conf file and add or update the value of the option fixed_key in the [keymgr] section (add a keymgr section as shown if needed):

[keymgr]

Fixed key returned by key manager, specified in hex (string

value)

fixed_key = 0000000000000000000000000000000000000000000000000000000000000000 Restart nova-compute.

when we run this cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 --control_location front-end lvm nova.volume.encryptors.luks.LuksEncryptor

we get the error

ERROR: Policy doesn't allow volume_extension:volume_type_encryption to be performed. (HTTP 403) (Request-ID: req-2fc9f4cd-c334-4540-9db6-545e693466ae)

Can someone point us in the correct direction to enable drive encryption

thanks

edit retag flag offensive close merge delete

Comments

Hi

Does any one have any idea how to enable LUKS volumes in cinder?

any documentation would be greatly received

thanks

iffyshot gravatar imageiffyshot ( 2015-03-04 05:55:56 -0500 )edit