ec43a1348d
When disconnecting an encrypted volume the Libvirt driver uses the presence of a Libvirt secret associated with the volume to determine if the new style native QEMU LUKS decryption or original decryption method using os-brick encrytors is used. While this works well in most deployments some issues have been observed in Kolla based environments where the Libvirt secrets are not fully persisted between host reboots or container upgrades. This can lead to _detach_encryptor attempting to build an encryptor which will fail if the associated connection_info for the volume does not contain a device_path, such as in the case for encrypted rbd volumes. This change adds a simple conditional to _detach_encryptor to ensure we return when device_path is not present in connection_info and native QEMU LUKS decryption is available. This handles the specific use case where we are certain that the encrypted volume was never decrypted using the os-brick encryptors, as these require a local block device on the compute host and have thus never supported rbd. It is still safe to build an encryptor and call detach_volume when a device_path is present however as change I9f52f89b8466d036 made such calls idempotent within os-brick. Change-Id: Id670f13a7f197e71c77dc91276fc2fba2fc5f314 Closes-bug: #1821696 (cherry picked from commit |
||
---|---|---|
.. | ||
disk | ||
hyperv | ||
image | ||
ironic | ||
libvirt | ||
powervm | ||
vmwareapi | ||
xenapi | ||
__init__.py | ||
fakelibosinfo.py | ||
test_block_device.py | ||
test_configdrive.py | ||
test_driver.py | ||
test_events.py | ||
test_fake.py | ||
test_firewall.py | ||
test_hardware.py | ||
test_imagecache.py | ||
test_images.py | ||
test_netutils.py | ||
test_osinfo.py | ||
test_virt_drivers.py | ||
test_virt.py |