tripleo

Unable to rotate fernet keys on containerized deployment

Bug #1713905 reported by Juan Antonio Osorio Robles
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Juan Antonio Osorio Robles
tripleo pike-rc2

Bug Description

The playbook that does the fernet key rotation [1] assumes the standard directory for the keys, which is not the case for containerized environments. It also tries to restart httpd, which won't do any effect for containerized keystone. Thus, it doesn't work.

[1] https://github.com/openstack/tripleo-common/blob/master/playbooks/rotate-keys.yaml

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/499028

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: none → pike-rc2
tags: added: pike-backport-potential
Changed in tripleo:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/499028
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=0b80b1b0b42828b4f95103c645a889f106a6f773
Submitter: Jenkins
Branch: master

commit 0b80b1b0b42828b4f95103c645a889f106a6f773
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Aug 30 08:32:02 2017 +0300

    Support fernet key rotation with containers

    The original playbook did not support the keystone container, this fixes
    that.

    Change-Id: I758390749961d0ca020e2d73f746d0c85c5286c8
    Closes-Bug: #1713905

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/499808

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/pike)

Reviewed: https://review.openstack.org/499808
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=511847607a045f2ed306398b72e766c56209abeb
Submitter: Jenkins
Branch: stable/pike

commit 511847607a045f2ed306398b72e766c56209abeb
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Aug 30 08:32:02 2017 +0300

    Support fernet key rotation with containers

    The original playbook did not support the keystone container, this fixes
    that.

    Change-Id: I758390749961d0ca020e2d73f746d0c85c5286c8
    Closes-Bug: #1713905
    (cherry picked from commit 0b80b1b0b42828b4f95103c645a889f106a6f773)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 7.6.0

This issue was fixed in the openstack/tripleo-common 7.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 8.0.0

This issue was fixed in the openstack/tripleo-common 8.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.