From 3023e75f8fd84bd262ec60d57a6a6db5924d7d16 Mon Sep 17 00:00:00 2001
From: lkuchlan
Date: Thu, 8 Jun 2017 12:53:13 +0300
Subject: [PATCH] Boot server from encrypted volume
This patch adds support for booting a server from an encrypted volume while using luks encryption method. Note: manager.create_server method passes wait_until='ACTIVE', so 'create_test_server' function in common/compute.py waits until the server status is 'ACTIVE'.
Change-Id: Ibd05252976499daaaafc658e3f3a920398b53420
---
 tempest/scenario/manager.py | 11 ++++++++
 .../scenario/test_encrypted_cinder_volumes.py | 9 -------
 tempest/scenario/test_volume_boot_pattern.py | 25 ++++++++++++++++++-
 3 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index b692acffa1..9329f41036 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -1259,6 +1259,17 @@ class EncryptionScenarioTest(ScenarioTest):
 type_id, provider=provider, key_size=key_size, cipher=cipher, control_location=control_location)['encryption']
+ def create_encrypted_volume(self, encryption_provider, volume_type,
+ key_size=256, cipher='aes-xts-plain64',
+ control_location='front-end'):
+ volume_type = self.create_volume_type(name=volume_type)
+ self.create_encryption_type(type_id=volume_type['id'],
+ provider=encryption_provider,
+ key_size=key_size,
+ cipher=cipher,
+ control_location=control_location)
+ return self.create_volume(volume_type=volume_type['name'])
+
 class ObjectStorageScenarioTest(ScenarioTest):
 """Provide harness to do Object Storage scenario tests.
diff --git a/tempest/scenario/test_encrypted_cinder_volumes.py b/tempest/scenario/test_encrypted_cinder_volumes.py
index d7b86f6ca3..cbdf30766c 100644
--- a/tempest/scenario/test_encrypted_cinder_volumes.py
+++ b/tempest/scenario/test_encrypted_cinder_volumes.py
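Review bot: The new `create_encrypted_volume` helper in tempest/scenario/manager.py has no docstring, and now that `key_size` and `cipher` are caller-visible parameters their defaults need one: with `aes-xts-plain64` the XTS key is split into two halves, so `key_size=256` gives AES-128 strength and a caller wanting AES-256 has to pass 512. I would add a docstring such as `"""Create a volume type with an encryption type attached and return a new volume of that type."""`, followed by one sentence on that key-size convention. The method also rebinds its `volume_type` argument from the type name to the created type dict; a separate local, e.g. `created_type = self.create_volume_type(name=volume_type)`, would be clearer. The method is complete within the hunk, but its class EncryptionScenarioTest begins outside it.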
@@ -48,15 +48,6 @@ class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest):
 return self.create_server(image_id=image, key_name=keypair['name'])
- def create_encrypted_volume(self, encryption_provider, volume_type):
- volume_type = self.create_volume_type(name=volume_type)
- self.create_encryption_type(type_id=volume_type['id'],
- provider=encryption_provider,
- key_size=256,
- cipher='aes-xts-plain64',
- control_location='front-end')
- return self.create_volume(volume_type=volume_type['name'])
-
 def attach_detach_volume(self, server, volume):
 attached_volume = self.nova_volume_attach(server, volume)
 self.nova_volume_detach(server, attached_volume)
diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py
index 3dfbf186d0..96d0474695 100644
--- a/tempest/scenario/test_volume_boot_pattern.py
+++ b/tempest/scenario/test_volume_boot_pattern.py
@@ -24,7 +24,7 @@ CONF = config.CONF
 LOG = logging.getLogger(__name__)
-class TestVolumeBootPattern(manager.ScenarioTest):
+class TestVolumeBootPattern(manager.EncryptionScenarioTest):
 # Boot from volume scenario is quite slow, and needs extra
 # breathing room to get through deletes in the time allotted.
@@ -227,3 +227,26 @@ class TestVolumeBootPattern(manager.ScenarioTest):
 # delete instance
 self._delete_server(instance)
+
+ @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
+ @testtools.skipIf(CONF.volume.storage_protocol.lower() in ['ceph', 'nfs'],
+ 'Currently, {} does not support volume encryption'
+ .format(CONF.volume.storage_protocol))
+ @test.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luks(self):
+ # Create an encrypted volume
+ volume = self.create_encrypted_volume('nova.volume.encryptors.'
+ 'luks.LuksEncryptor',
+ volume_type='luks')
+
+ self.volumes_client.set_bootable_volume(volume['id'], bootable=True)
+
+ # Boot a server from the encrypted volume
+ server = self._boot_instance_from_resource(
+ source_id=volume['id'],
+ source_type='volume',
+ delete_on_termination=False)
+
+ server_info = self.servers_client.show_server(server['id'])['server']
+ created_volume = server_info['os-extended-volumes:volumes_attached']
+ self.assertEqual(volume['id'], created_volume[0]['id'])
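Review bot: `test_boot_server_from_encrypted_volume_luks` never checks that the volume it boots from is actually encrypted; its only assertion compares the attached volume id, so a deployment that silently ignores the encryption type would still pass. Assuming the dict returned by `create_encrypted_volume` carries Cinder's `encrypted` field, add `self.assertTrue(volume['encrypted'])` right after the volume is created. The final check also indexes `created_volume[0]` directly, so an empty attachment list surfaces as an IndexError instead of an assertion failure; `self.assertEqual([volume['id']], [v['id'] for v in created_volume])` would cover both cases. The test method is complete within the hunk, while its class starts outside it.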