compute: Skip cinder_encryption_key_id check when booting from volume
Idf84ccff254d26fa13473fe9741ddac21cbcf321 added this check in order for
Nova to avoid booting encrypted images created by Cinder as there is
currently no support for using such images (rotating keys etc).
The check however missed the slightly convoluted use case where this
image property is found against a volume after the volume in question is
created using an encrypted image created by cinder from an encrypted
volume. In other words:
- Cinder creates an encrypted volume A
- Glance creates an encrypted image A from volume A
- Cinder creates an encrypted volume B from image A
- Nova attempts to boot an instance using volume B
Note that Nova may request the creation of volume B or a user could also
do this directly through Cinder.
As such this change simply ensures that the instance isn't booting from
a volume when preforming the check as it is only valid when booting from
an image.
Reviewed: https:/ /review. opendev. org/752090 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=f9b67893acf 94c06fd41be36b8 0b99788dc77e48
Committed: https:/
Submitter: Zuul
Branch: master
commit f9b67893acf94c0 6fd41be36b80b99 788dc77e48
Author: Lee Yarwood <email address hidden>
Date: Tue Sep 15 18:17:04 2020 +0100
compute: Skip cinder_ encryption_ key_id check when booting from volume
Idf84ccff25 4d26fa13473fe97 41ddac21cbcf321 added this check in order for
Nova to avoid booting encrypted images created by Cinder as there is
currently no support for using such images (rotating keys etc).
The check however missed the slightly convoluted use case where this
image property is found against a volume after the volume in question is
created using an encrypted image created by cinder from an encrypted
volume. In other words:
- Cinder creates an encrypted volume A
- Glance creates an encrypted image A from volume A
- Cinder creates an encrypted volume B from image A
- Nova attempts to boot an instance using volume B
Note that Nova may request the creation of volume B or a user could also
do this directly through Cinder.
As such this change simply ensures that the instance isn't booting from
a volume when preforming the check as it is only valid when booting from
an image.
Closes-Bug: #1895696 050e5bbef5c3e36 0108365b5c7
Change-Id: Ic92cab7362fa25