31a54f3a4e
When attaching a volume, after the connection is initialized to the volume in Cinder, the nova.volume.encryptors.get_encryption_metadata method is called to get encryption metadata for the volume. That call is based on the 'encrypted' key in connection_info['data'] returned from the os-initialize_connection Cinder API. However, just because the volume has an encryption key in Cinder does not mean that the corresponding volume driver in Nova supports encrypting the volume, like in the case of RBD volumes. Tempest has tests for encrypted volumes which succeed today in the Ceph job but they are actually false positives since without Cinder change I03f8cae05cc117e14f7482115de685fc9f3fa54a, the 'encrypted' key is not set in the connection_info dict and Nova doesn't attempt encryption of the volume during attach. The Ceph job fails when encrypted=True is in connection_info because cryptsetup (and luks which extends cryptsetup) requires the 'device_path' key in the connection_info dict, which is set when connecting the volume during attach via the corresponding Nova volume driver. In the case of RBD and libvirt, the LibvirtNetVolumeDriver is used and the 'device_path' key isn't set, so a KeyError is raised when trying to construct the CryptsetupEncryptor or LuksEncryptor objects. This change adds a check in CryptsetupEncryptor such that if the device_path is not in connection_info, a VolumeEcnryptionNotSupported error is raised rather than KeyError. Note that this doesn't fix the encrypted volume tests in Tempest. Those tests fail due to a timeout waiting for the volume status to be 'in-use' which doesn't happen since the compute manager rolls back the reservation on the volume when the error occurs. The Tempest tests will have to be skipped in the Ceph job until volume encryption is supported for RBD in Nova, which will be a separate set of changes. Related-Bug: #1463525 Change-Id: I8efc2628b09d4e9e59831353daa080b20e17ccde |
||
|---|---|---|
| doc | ||
| nova | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| babel.cfg | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
OpenStack Nova README
OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of virtualization technologies, including KVM, Xen, LXC, VMware, and more. In addition to its native API, it includes compatibility with the commonly encountered Amazon EC2 and S3 APIs.
OpenStack Nova is distributed under the terms of the Apache License, Version 2.0. The full terms and conditions of this license are detailed in the LICENSE file.
Nova primarily consists of a set of Python daemons, though it requires and integrates with a number of native system components for databases, messaging and virtualization capabilities.
To keep updated with new developments in the OpenStack project follow @openstack on Twitter.
To learn how to deploy OpenStack Nova, consult the documentation available online at:
For information about the different compute (hypervisor) drivers supported by Nova, read this page on the wiki:
In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:
Developers wishing to work on the OpenStack Nova project should always base their work on the latest Nova code, available from the master GIT repository at:
Developers should also join the discussion on the mailing list, at:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests. Further developer focused documentation is available at:
For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst file.
-- End of broadcast