d10dd7795e
Add support for encryption of the underlying block device providing storage for local instances.

This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied.

This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen.

Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application.

Copy the 'ephemeral-unmount' config option and associated code from the ceph-osd and swift-storage charms to enable testing in cloudy environments.

Change-Id: I772baa61f45ff430f706ec4864f3018488026148
||
---|---|---|
icehouse | ||
juno | ||
kilo | ||
liberty | ||
mitaka | ||
newton | ||
ocata | ||
parts | ||
libvirt-bin | ||
libvirt-bin.override | ||
libvirtd.conf | ||
qemu-kvm | ||
qemu.conf | ||
secret.xml | ||
usr.bin.nova-api | ||
usr.bin.nova-compute | ||
usr.bin.nova-network | ||
vaultlocker.conf.j2 |