Boot server from encrypted volume
This patch adds support for booting a server from an
encrypted volume while using luks encryption method.
Note: manager.create_server method passes wait_until='ACTIVE',
so 'create_test_server' function in common/compute.py waits
until the server status is 'ACTIVE'.
Change-Id: Ibd05252976499daaaafc658e3f3a920398b53420
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index b692acf..9329f41 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -1259,6 +1259,17 @@
type_id, provider=provider, key_size=key_size, cipher=cipher,
control_location=control_location)['encryption']
+ def create_encrypted_volume(self, encryption_provider, volume_type,
+ key_size=256, cipher='aes-xts-plain64',
+ control_location='front-end'):
+ volume_type = self.create_volume_type(name=volume_type)
+ self.create_encryption_type(type_id=volume_type['id'],
+ provider=encryption_provider,
+ key_size=key_size,
+ cipher=cipher,
+ control_location=control_location)
+ return self.create_volume(volume_type=volume_type['name'])
+
class ObjectStorageScenarioTest(ScenarioTest):
"""Provide harness to do Object Storage scenario tests.
diff --git a/tempest/scenario/test_encrypted_cinder_volumes.py b/tempest/scenario/test_encrypted_cinder_volumes.py
index d7b86f6..cbdf307 100644
--- a/tempest/scenario/test_encrypted_cinder_volumes.py
+++ b/tempest/scenario/test_encrypted_cinder_volumes.py
@@ -48,15 +48,6 @@
return self.create_server(image_id=image, key_name=keypair['name'])
- def create_encrypted_volume(self, encryption_provider, volume_type):
- volume_type = self.create_volume_type(name=volume_type)
- self.create_encryption_type(type_id=volume_type['id'],
- provider=encryption_provider,
- key_size=256,
- cipher='aes-xts-plain64',
- control_location='front-end')
- return self.create_volume(volume_type=volume_type['name'])
-
def attach_detach_volume(self, server, volume):
attached_volume = self.nova_volume_attach(server, volume)
self.nova_volume_detach(server, attached_volume)
diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py
index 3dfbf18..96d0474 100644
--- a/tempest/scenario/test_volume_boot_pattern.py
+++ b/tempest/scenario/test_volume_boot_pattern.py
@@ -24,7 +24,7 @@
LOG = logging.getLogger(__name__)
-class TestVolumeBootPattern(manager.ScenarioTest):
+class TestVolumeBootPattern(manager.EncryptionScenarioTest):
# Boot from volume scenario is quite slow, and needs extra
# breathing room to get through deletes in the time allotted.
@@ -227,3 +227,26 @@
# delete instance
self._delete_server(instance)
+
+ @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
+ @testtools.skipIf(CONF.volume.storage_protocol.lower() in ['ceph', 'nfs'],
+ 'Currently, {} does not support volume encryption'
+ .format(CONF.volume.storage_protocol))
+ @test.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luks(self):
+ # Create an encrypted volume
+ volume = self.create_encrypted_volume('nova.volume.encryptors.'
+ 'luks.LuksEncryptor',
+ volume_type='luks')
+
+ self.volumes_client.set_bootable_volume(volume['id'], bootable=True)
+
+ # Boot a server from the encrypted volume
+ server = self._boot_instance_from_resource(
+ source_id=volume['id'],
+ source_type='volume',
+ delete_on_termination=False)
+
+ server_info = self.servers_client.show_server(server['id'])['server']
+ created_volume = server_info['os-extended-volumes:volumes_attached']
+ self.assertEqual(volume['id'], created_volume[0]['id'])