Comment 37 for bug 1821696

Reviewed: https://review.opendev.org/656463
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2c6e59e835b123d6040e2a059aaa98bf9cced392
Submitter: Zuul
Branch: stable/rocky

commit 2c6e59e835b123d6040e2a059aaa98bf9cced392
Author: Lee Yarwood <email address hidden>
Date: Thu Apr 4 09:09:04 2019 +0100

    libvirt: Avoid using os-brick encryptors when device_path isn't provided

    When disconnecting an encrypted volume the Libvirt driver uses the
    presence of a Libvirt secret associated with the volume to determine if
    the new style native QEMU LUKS decryption or original decryption method
    using os-brick encrytors is used.

    While this works well in most deployments some issues have been observed
    in Kolla based environments where the Libvirt secrets are not fully
    persisted between host reboots or container upgrades. This can lead to
    _detach_encryptor attempting to build an encryptor which will fail if
    the associated connection_info for the volume does not contain a
    device_path, such as in the case for encrypted rbd volumes.

    This change adds a simple conditional to _detach_encryptor to ensure we
    return when device_path is not present in connection_info and native
    QEMU LUKS decryption is available. This handles the specific use
    case where we are certain that the encrypted volume was never decrypted
    using the os-brick encryptors, as these require a local block device on
    the compute host and have thus never supported rbd.

    It is still safe to build an encryptor and call detach_volume when a
    device_path is present however as change I9f52f89b8466d036 made such
    calls idempotent within os-brick.

    Change-Id: Id670f13a7f197e71c77dc91276fc2fba2fc5f314
    Closes-bug: #1821696
    (cherry picked from commit 56ca4d32ddf944b541b8a6c46f07275e7d8472bc)
    (cherry picked from commit c6432ac0212d15b6d8f1620b42937b2abcb66d46)