Comment 4 for bug 1745149

Adding more notes on what I think needs to be done. I did some digging and found that what's happening is the volume is connected to the instance in the libvirt driver, *then* it tries to attach the encryptor and the encryptor attach fails because the fixed_key config option hasn't been set. So the instance spawn fails but the volume remains connected. We need to try-except around the encryptor attach attempt and disconnect the volume before re-raising.

1. Create a new, more specific NovaException for the missing fixed key, for example "FixedKeyNotDefined" and correct the message (it should be "key_manager.fixed_key") [1]

2. Catch FixedKeyNotDefined in the libvirt driver when trying to attach the encryptor and disconnect the volume before re-raising [2]

[1] https://github.com/openstack/nova/blob/233285d/nova/keymgr/conf_key_mgr.py#L67
[2] https://github.com/openstack/nova/blob/233285d/nova/virt/libvirt/driver.py#L1227