Add ephemeral disk encryption scenario test
Adds ephemeral-disk-encryption group to Barbican Tempest configuration
options.
Enables ephemeral disk encryption for Barbican Tempest tests by updating
pre_test_hook.sh, which is run at the start of relevant gate tests.
Adds an ephemeral disk encryption scenario test to verify the
functionality of encrypted ephemeral storage. The test creates an image,
boots an instance from the created image, and writes to a new file in
the instance. Improper calls to encrypt the LVM ephemeral disk that is
being written to will be caught with this test.
Change-Id: I5f194f3c2a91263d4d34204db5cd5845197169bb
diff --git a/tools/pre_test_hook.sh b/tools/pre_test_hook.sh
index 2640433..63b123e 100755
--- a/tools/pre_test_hook.sh
+++ b/tools/pre_test_hook.sh
@@ -11,11 +11,22 @@
# Here we can set some configurations for local.conf
# for example, to pass some config options directly to .conf files
+# Set up LVM device
+echo -e '[[local|localrc]]' >> $LOCALCONF_PATH
+echo -e 'NOVA_BACKEND=LVM' >> $LOCALCONF_PATH
+echo -e 'LVM_VOLUME_CLEAR=none' >> $LOCALCONF_PATH
+
# For image signature verification tests
echo -e '[[post-config|$NOVA_CONF]]' >> $LOCALCONF_PATH
echo -e '[glance]' >> $LOCALCONF_PATH
echo -e 'verify_glance_signatures = True' >> $LOCALCONF_PATH
+# For ephemeral storage encryption tests
+echo -e '[ephemeral_storage_encryption]' >> $LOCALCONF_PATH
+echo -e 'key_size = 256' >> $LOCALCONF_PATH
+echo -e 'cipher = aes-xts-plain64' >> $LOCALCONF_PATH
+echo -e 'enabled = True' >> $LOCALCONF_PATH
+
# Allow dynamically created tempest users to create secrets
# in barbican
echo -e '[[test-config|$TEMPEST_CONFIG]]' >> $LOCALCONF_PATH
@@ -24,3 +35,7 @@
# Glance v1 doesn't do signature verification on image upload
echo -e '[image-feature-enabled]' >> $LOCALCONF_PATH
echo -e 'api_v1=False' >> $LOCALCONF_PATH
+
+# Enable ephemeral storage encryption in Tempest
+echo -e '[ephemeral_storage_encryption]' >> $LOCALCONF_PATH
+echo -e 'enabled = True' >> $LOCALCONF_PATH