Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

error when attempting to mark drive type as encrypted

Hi All

i am trying to set up drive encryption for lvm

so far we have followed

Initial configuration

Configuration changes need to be made to any nodes running the cinder-volume or nova-compute services.

Update cinder-volume servers:

Edit the /etc/cinder/cinder.conf file and add or update the value of the option fixed_key in the [keymgr] section:

[keymgr]

Fixed key returned by key manager, specified in hex (string

value)

fixed_key = 0000000000000000000000000000000000000000000000000000000000000000 Restart cinder-volume.

Update nova-compute servers:

Edit the /etc/nova/nova.conf file and add or update the value of the option fixed_key in the [keymgr] section (add a keymgr section as shown if needed):

[keymgr]

Fixed key returned by key manager, specified in hex (string

value)

fixed_key = 0000000000000000000000000000000000000000000000000000000000000000 Restart nova-compute.

when we run this cinder encryption-type-create --cipher aes-xts-plain64 --key_size 256 --control_location front-end lvm nova.volume.encryptors.luks.LuksEncryptor

we get the error

ERROR: Policy doesn't allow volume_extension:volume_type_encryption to be performed. (HTTP 403) (Request-ID: req-2fc9f4cd-c334-4540-9db6-545e693466ae)

Can someone point us in the correct direction to enable drive encryption

thanks