Hide Forgot
The volume encryption feature would require a working and configured key manager like barbican, and it also requires a volume backend which supporters the related api calls. ceph/rdb does not supports it. If you just want to see the tempest test passing, you can use the (demo) lvm backend with the simple key manager with a hard-coded key in both nova and cinder config. barbican is not packaged for Red Hat OpenStack, so please add tempest-deployer-input.conf [compute-feature-enabled] attach_encrypted_volume false . The related tempest tests in the: tempest/scenario/test_encrypted_cinder_volumes.py
This file should be removed and replaced with documentation on how to generate your own. This file probably hasn't worked in a long time.
FYI https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/utils.py#L126-L166
https://review.openstack.org/#/c/570157/ -> implements the auto discovery of compute-feature-enabled.attach_encrypted_volume in python-tempestconf, I think this review might help.
Even though in tripleo client we are not setting this to false, in python-tempestconf we have now a way to identify if encryption is enabled or not and so set it to False or True properly, I believe this solve the problem, since both upstream and downstream uses python-tempestconf to configure the tempest.conf file.
moving release target to Rocky per tempest squad scrum.
The feature implemented in python-tempestconf by [1] will be part of python-tempestconf-2.0.0. package which, unfortunately, will not be available for RHOS10. It will be available in RHOS11 and higher. I see two ways how to move on with this and I have two questions regarding that: 1. Is it possible to backport the feature [1] to tools/config_tempest.py in tempest version available for RHOS10? 2. The bug is opened for openstack-tripleo, so, does openstack-tripleo handle or can handle this situation? [1] https://review.openstack.org/#/c/570157/
I believe Wes wanted to point to this [1] part of code, which is responsible for generating the deployer-input file. If compute-feature-enabled.attach_encrypted_volume is set to false there, it will solve the issue as Attila has pointed out. Arx can we send a patch to tripleoclient or it will break something I don't see? [1] https://github.com/openstack/python-tripleoclient/blob/285b887da6ef06e449864a46d5471a95d22e6754/tripleoclient/utils.py#L200
Well, this should not be on tripleoclient, and this part of generate the deployer input file is wrong, if that is still needed, we might need to backport it to tempestconf / tools/config_tempest.py for RHOS10
This Release is retired. If this bug is still relevant, please reopen and retarget to an open release.