The nova.volume.encryptors.luks Module

class LuksEncryptor(connection_info, **kwargs)

Bases: nova.volume.encryptors.cryptsetup.CryptsetupEncryptor

A VolumeEncryptor based on LUKS.

This VolumeEncryptor uses dm-crypt to encrypt the specified volume.

attach_volume(context, **kwargs)

Shadows the device and passes an unencrypted version to the instance.

Transparent disk encryption is achieved by mounting the volume via dm-crypt and passing the resulting device to the instance. The instance is unaware of the underlying encryption due to modifying the original symbolic link to refer to the device mounted by dm-crypt.

is_luks(device)

Checks if the specified device uses LUKS for encryption.

Parameters:device – the device to check
Returns:true if the specified device uses LUKS; false otherwise

Previous topic

The nova.volume.encryptors.cryptsetup Module

Next topic

The nova.volume.encryptors.nop Module

Project Source

This Page