puppet-heat

auth_encryption_key parameter is overwritten at every puppet run

Bug #1249280 reported by Simon Pasquier
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
puppet-heat
Fix Released
Medium
François Charlier
puppet-heat 4.0.0 "4.0.0"
Havana
Fix Released
Medium
Unassigned
puppet-heat 3.0.0 "3.0.0"

Bug Description

Every time, the heat::engine manifest is executed, it generates a new value for auth_encryption_key. This is highly undesirable because it breaks requests to the CFN API (at least).

The problem is that heat_config [0] is always executed so the 'onlyif' condition of heat-encryption-key-replacement [1] is always true.

[0] https://github.com/stackforge/puppet-heat/blob/master/manifests/engine.pp#L48
[1] https://github.com/stackforge/puppet-heat/blob/master/manifests/engine.pp#L41

Revision history for this message
Benedikt Trefzer (benedikt-trefzer) wrote :

I can confirm this behaviour.

the 'onlyif' statement is correct. but for each puppetrun the key is overwritten with the pattern:

notice: /Stage[main]/Heat::Engine/Heat_config[DEFAULT/auth_encryption_key]/value: value changed '27341f3aa61cdb4ec5d0ae62e7803838' to '%ENCRYPTION_KEY%'
info: /Stage[main]/Heat::Engine/Heat_config[DEFAULT/auth_encryption_key]: Scheduling refresh of Service[heat-engine]
notice: /Stage[main]/Heat::Engine/Exec[heat-encryption-key-replacement]/returns: executed successfully

I suggest, to remove the automatic generation of auth_encryption_key, and use a parameter.
This also makes it possible to setup more than one heat-engine, or to move ist to another node etc.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/57881

Changed in puppet-heat:
assignee: nobody → Benedikt Trefzer (benedikt-trefzer)
status: New → In Progress
Emilien Macchi (emilienm)
Changed in puppet-heat:
assignee: Benedikt Trefzer (benedikt-trefzer) → Emilien Macchi (emilienm)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/61106

Changed in puppet-heat:
assignee: Emilien Macchi (emilienm) → François Charlier (francois-charlier)
Emilien Macchi (emilienm)
Changed in puppet-heat:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-heat (master)

Reviewed: https://review.openstack.org/61106
Committed: https://git.openstack.org/cgit/stackforge/puppet-heat/commit/?id=9a885b068b90e1e9d89a6ceee7b857b06fc090ea
Submitter: Jenkins
Branch: master

commit 9a885b068b90e1e9d89a6ceee7b857b06fc090ea
Author: François Charlier <email address hidden>
Date: Tue Dec 10 12:51:10 2013 +0100

    make auth_encryption_key a parameter

    Also add tests for heat::engine

    Change-Id: Ic84344060eaad006026fb6b66d569efa3d2592e3
    Closes-Bug: #1249280

Changed in puppet-heat:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-heat (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/65077

tags: added: in-stable-havana
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-heat (stable/havana)

Reviewed: https://review.openstack.org/65077
Committed: https://git.openstack.org/cgit/stackforge/puppet-heat/commit/?id=ea456832f3c36604fbc126b86711006e53a61a8c
Submitter: Jenkins
Branch: stable/havana

commit ea456832f3c36604fbc126b86711006e53a61a8c
Author: François Charlier <email address hidden>
Date: Tue Dec 10 12:51:10 2013 +0100

    make auth_encryption_key a parameter

    Also add tests for heat::engine

    Change-Id: Ic84344060eaad006026fb6b66d569efa3d2592e3
    Closes-Bug: #1249280
    (cherry picked from commit 9a885b068b90e1e9d89a6ceee7b857b06fc090ea)

Mathieu Gagné (mgagne)
Changed in puppet-heat:
milestone: none → 3.0.0
Mathieu Gagné (mgagne)
Changed in puppet-heat:
milestone: 3.0.0 → none
Matt Fischer (mfisch)
Changed in puppet-heat:
milestone: none → 4.0.0
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.