kolla-ansible

barbican_crypto_password is missing in passwords.yml file

Bug #1683216 reported by Jeffrey Zhang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Undecided
Jeffrey Zhang
kolla-ansible pike-2 "pike"
Ocata
Fix Released
Undecided
Unassigned

Bug Description

barbican_crypto_password need to be added into passwords.yml

Jeffrey Zhang (jeffrey4l)
Changed in kolla-ansible:
milestone: none → pike-1
assignee: nobody → Jeffrey Zhang (jeffrey4l)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/457117

Changed in kolla-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/457117
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=fb9ab70e6f7dddbbfaa36a34babfc2273efa1fd6
Submitter: Jenkins
Branch: master

commit fb9ab70e6f7dddbbfaa36a34babfc2273efa1fd6
Author: Jeffrey Zhang <email address hidden>
Date: Mon Apr 17 10:27:39 2017 +0800

    Add barbican_crypto_password key in passwords.yml file

    Change-Id: Ib966858f0422521e8896404ad458ea23143083e0
    Closes-Bug: #1683216

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ocata)

Reviewed: https://review.openstack.org/457141
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=4f3697f3cbd918a99347a23f68b83f65244b19db
Submitter: Jenkins
Branch: stable/ocata

commit 4f3697f3cbd918a99347a23f68b83f65244b19db
Author: Jeffrey Zhang <email address hidden>
Date: Mon Apr 17 10:27:39 2017 +0800

    Add barbican_crypto_password key in passwords.yml file

    Change-Id: Ib966858f0422521e8896404ad458ea23143083e0
    Closes-Bug: #1683216
    (cherry picked from commit fb9ab70e6f7dddbbfaa36a34babfc2273efa1fd6)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 4.0.1

This issue was fixed in the openstack/kolla-ansible 4.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 5.0.0.0b2

This issue was fixed in the openstack/kolla-ansible 5.0.0.0b2 development milestone.

Revision history for this message
Mark Goddard (mgoddard) wrote :

Related bug: https://bugs.launchpad.net/kolla-ansible/+bug/1699476

I think that barbican_crypto_password was actually a typo and should have been barbican_crypto_key.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/476090
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=2e4359069e8a50f83fe0dca1103d935212dd2703
Submitter: Jenkins
Branch: master

commit 2e4359069e8a50f83fe0dca1103d935212dd2703
Author: Mark Goddard <email address hidden>
Date: Wed Jun 21 11:53:14 2017 +0100

    Barbican simple_crypto plugin broken - invalid key

    When using the simple_crypto plugin, barbican expects the
    [simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
    value. However, kolla-ansible is providing a standard autogenerated
    password.

    There are two relevant variables in kolla-ansible -
    barbican_crypto_password (a standard password) and barbican_crypto_key
    (a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
    when it is generated. barbican_crypto_password is used to set the
    [simple_crypto_plugin] kek config value but causes an error when the
    simple_crypto plugin is used as the value is not in the expected format.
    Using barbican_crypto_key instead resolves the error. Clearly there is a
    naming issue here and we should be using barbican_crypto_key instead of
    barbican_crypto_password.

    This change removes the barbican_crypto_password variable and uses
    barbican_crypto_key instead.

    Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
    Closes-Bug: #1699014
    Related-Bug: #1683216
    Co-Authored-By: Stig Telfer <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (stable/ocata)

Related fix proposed to branch: stable/ocata
Review: https://review.openstack.org/491251

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to kolla-ansible (stable/ocata)

Reviewed: https://review.openstack.org/491251
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=24b49ed83eb232f43de5a455a83f35f4cd67e443
Submitter: Zuul
Branch: stable/ocata

commit 24b49ed83eb232f43de5a455a83f35f4cd67e443
Author: Mark Goddard <email address hidden>
Date: Wed Jun 21 11:53:14 2017 +0100

    Barbican simple_crypto plugin broken - invalid key

    When using the simple_crypto plugin, barbican expects the
    [simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
    value. However, kolla-ansible is providing a standard autogenerated
    password.

    There are two relevant variables in kolla-ansible -
    barbican_crypto_password (a standard password) and barbican_crypto_key
    (a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
    when it is generated. barbican_crypto_password is used to set the
    [simple_crypto_plugin] kek config value but causes an error when the
    simple_crypto plugin is used as the value is not in the expected format.
    Using barbican_crypto_key instead resolves the error. Clearly there is a
    naming issue here and we should be using barbican_crypto_key instead of
    barbican_crypto_password.

    This change removes the barbican_crypto_password variable and uses
    barbican_crypto_key instead.

    Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
    Closes-Bug: #1699014
    Related-Bug: #1683216
    Co-Authored-By: Stig Telfer <email address hidden>
    (cherry picked from commit 2e4359069e8a50f83fe0dca1103d935212dd2703)

tags: added: in-stable-ocata
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.