Update patch set 7

Patch Set 7:

(9 comments)

Patch-set: 7
Attention: {"person_ident":"Gerrit User 4393 \u003c4393@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"ADD","reason":"\u003cGERRIT_ACCOUNT_4690\u003e replied on the change"}
Attention: {"person_ident":"Gerrit User 4690 \u003c4690@4a232e18-c5a9-48ee-94c0-e04e7cca6543\u003e","operation":"REMOVE","reason":"\u003cGERRIT_ACCOUNT_4690\u003e replied on the change"}
Gerrit User 4690 2024-03-28 17:45:24 +00:00 committed by Gerrit Code Review
parent 5e08192c9e
commit 75e88677a3
1 changed files with 172 additions and 0 deletions


@ -63,6 +63,29 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "8b5bfab7_1521d571",
"filename": "specs/2024.2/approved/ephemeral-encryption-libvirt.rst",
"patchSetId": 7
},
"lineNbr": 305,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Dalmatian",
"range": {
"startLine": 305,
"startChar": 14,
"endLine": 305,
"endChar": 23
},
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -203,6 +226,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "4c2915d4_64199dff",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 260,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "I don\u0027t understand what you\u0027re asking. The disk for Instance B has to have a backing file if it\u0027s qcow2 and that backing file has Secret 4. If we want to be able to clean up secrets when instances are deleted, we need to make a copy Secret 6 that belongs only to the instance.\n\nSecret 6 is a \"reference\" to Secret 4. They contain the same password inside but they are different objects in Barbican. Secret 4 is tied to the Glance image (Image Z in this table) and Secret 6 is Instance B\u0027s reference to it. Secret 6 will be deleted when Instance B is deleted.\n\nAre you saying you don\u0027t think each instance should have their own allocated reference to the backing file secret? If they don\u0027t, then if/when someone deletes Image Z from Glance (along with its secret, Secret 4) then any instances using that backing file would have lost the secret for it. If Instance B has its own copy, Secret 6, then it can continue to work even if someone deletes Image Z/Secret 4.",
"parentUuid": "22ac8780_0012ab12",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -256,6 +297,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "8747c928_4433dd4b",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 280,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Like I said, I wasn\u0027t really sure what to do with rescue disk so I just did \"if instance encrypted then rescue disk encrypted\".\n\nIf a rescue disk doesn\u0027t need to be encrypted ever, then that would make it a lot simpler and I could delete some code.",
"parentUuid": "170b5505_de86ed29",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -414,6 +473,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "38fa7986_5d886567",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 317,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "They have a filesystem or swap area on them, so they\u0027re not totally empty/blank, but yeah. I\u0027m not sure why it\u0027s done that way.",
"parentUuid": "9db30112_8f7a4833",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -536,6 +613,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "85ea9e7c_bcfdb7e5",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 441,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Yes, snapshot RPC is a cast.",
"parentUuid": "979f1f49_9e5c543c",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -729,6 +824,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "7a7a2833_2f97c351",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 591,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Ack, I thought you were saying that you also thought we shouldn\u0027t have `image_` of the secret UUID.",
"parentUuid": "cae4f797_482e4573",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -782,6 +895,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "b5fe6095_de85ec87",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 615,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "What is your suggestion then? To re-encrypt stuff if an option is removed in a newer libvirt/qemu or re-encrypt if the move request is specifying a specific host and that host doesn\u0027t have the option or cipher or whatever it was originally encrypted with?",
"parentUuid": "b4330112_d832cb38",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -923,6 +1054,24 @@
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "9061ca0d_c49132c9",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 785,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Yeah. It does say \"This isn\u0027t trivial and so for this initial implementation\nresizing between flavors that differ will be blocked.\" so to me that makes it sound like it is something that is thought of as desirable but is considered future work.\n\nThe scope of this feature is large and it just keeps getting larger. I\u0027m guessing this was one of the ways to do things more iteratively.",
"parentUuid": "4a06bee3_3314bdf7",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
@ -1063,6 +1212,29 @@
"parentUuid": "134652bd_6e285af5",
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
},
{
"unresolved": true,
"key": {
"uuid": "ff77fa3f_540357ed",
"filename": "specs/2024.2/approved/ephemeral-storage-encryption.rst",
"patchSetId": 7
},
"lineNbr": 1009,
"author": {
"id": 4690
},
"writtenOn": "2024-03-28T17:45:24Z",
"side": 1,
"message": "Dalmatian",
"range": {
"startLine": 1009,
"startChar": 14,
"endLine": 1009,
"endChar": 23
},
"revId": "6940b7f76b9e415fd0ab75cbea9c0b001a68272a",
"serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
}
]
}