Test encrypted volumes in scenario002

This effectively adds barbican-api to the deployment in scenario002
and uses it to provide encrypted volumes for cinder that a nova
instance boots from in the test.

Change-Id: I132e346755fb49c9563247b4404be06b97f77872

ci/environments/scenario002-multinode.yaml

@@ -1,6 +1,7 @@
 resource_registry:
   OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
   OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::BarbicanApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml
 
 parameter_defaults:
   ControllerServices:
@@ -40,6 +41,7 @@ parameter_defaults:
     - OS::TripleO::Services::SwiftProxy
     - OS::TripleO::Services::SwiftStorage
     - OS::TripleO::Services::SwiftRingBuilder
+    - OS::TripleO::Services::BarbicanApi
   ControllerExtraConfig:
     nova::compute::libvirt::services::libvirt_virt_type: qemu
     nova::compute::libvirt::libvirt_virt_type: qemu

ci/pingtests/scenario002-multinode.yaml

@@ -72,12 +72,28 @@ resources:
       router_id: { get_resource: router }
       subnet_id: { get_resource: private_subnet }
 
+  luks_volume_type:
+    type: OS::Cinder::VolumeType
+    properties:
+      name: LUKS
+
+  encrypted_volume_type:
+    type: OS::Cinder::EncryptedVolumeType
+    properties:
+      volume_type: {get_resource: luks_volume_type}
+      provider: nova.volume.encryptors.luks.LuksEncryptor
+      cipher: aes-xts-plain64
+      control_location: front-end
+      key_size: 256
+
   volume1:
     type: OS::Cinder::Volume
+    depends_on: encrypted_volume_type
     properties:
       name: Volume1
       image: { get_param: image }
       size: 1
+      volume_type: {get_resource: luks_volume_type}
 
   server1:
     type: OS::Nova::Server