Request dm-crypt for openstack-hypervisor

gboutry · March 31, 2026, 9:25am

name: openstack-hypervisor
description: The openstack-hypervisor is the compute daemon of the Sunbeam project, it hosts all actions related to hosting VMs and more.
snapcraft: snap-openstack-hypervisor/snap/snapcraft.yaml at main · canonical/snap-openstack-hypervisor · GitHub
upstream: GitHub - canonical/snap-openstack-hypervisor · GitHub
upstream-relation: For this specific feature, the actual modificatins are gonna be carried by the hypervisor snap itself
interfaces:
- dm-crypt:
  - request-type: auto-connection
  - reasoning: The hypervisor is gaining a new responsibility of managing an encrypted VG on which to spawn the instances. The hypervisor is going to store the encryption key into a remote, trusted vault, use these keys to encrypt the Volume Group (LuksV2). This will allows ephemeral instance storage to be encrypted at rest.

This interface is critical to allow Canonical OpenStack to offer secure storage of instance data.

elisehdy · April 2, 2026, 4:16pm

This is a +1 (#voteFor) for from me to grant auto-connection of the dm-crypt interface for the openstack-hypervisor snap, given the described new functionality. Excited to see these improvements come to the hypervisor!

jslarraz · April 7, 2026, 1:28pm

I agree with @elisehdy, this request also makes sense to me (#voteFor)

+2 for, 0 against granting openstack-hypervisor auto-connection to dm-crypt interface. Publisher is vetted. We will make the changes once a new revision using the dm-crypt interface will be uploaded to the store

store-requests-bot · April 7, 2026, 1:29pm

Voting period has ended. This request is approved with 2 votes for and 0 votes against.