2018-04-03 16:41:56 |
Vladyslav Drok |
description |
When following https://docs.openstack.org/cinder/pike/configuration/block-storage/volume-encryption.html, with barbican set up with the dogtag backend, the following issue appears:
openstack volume create --size 1 --type LUKS 'encrypted volume'
The volume gets error status afterwards. Related logs:
Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action
scheduler_hints=parsed_args.hint,
File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create
return self._create('/volumes', body, 'volume')
File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create
resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request
return self.request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request
raise exceptions.from_response(resp, body)
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
clean_up CreateVolume: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 134, in run
ret_val = super(OpenStackShell, self).run(argv)
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 279, in run
result = self.run_subcommand(remainder)
File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 169, in run_subcommand
ret_value = super(OpenStackShell, self).run_subcommand(argv)
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action
scheduler_hints=parsed_args.hint,
File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create
return self._create('/volumes', body, 'volume')
File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create
resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request
return self.request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request
raise exceptions.from_response(resp, body)
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
root@ctl01:~# tail -f /var/log/apache2/barbican.error.log
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 68, in process_and_suppress_exceptions
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources return self.process(*args, **kwargs)
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 113, in process
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources raise e_orig
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry.
When adding mode to the create_key method in castellan, and explicitly passing mode in cinder/volume/flows/api/create_volume.py to this method (by specifying it in the 'barbican:secret_mode' extra_spec of the LUKS volume type), the volume gets created successfully.
Ideally, this secret mode should be added to the volume type POST method as a separate argument, and add a corresponding field to the VolumeTypeEncryption database model. |
When following https://docs.openstack.org/cinder/pike/configuration/block-storage/volume-encryption.html, with barbican set up with the dogtag backend, the following issue appears:
openstack volume create --size 1 --type LUKS 'encrypted volume'
The volume gets error status afterwards. Related logs:
Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action
scheduler_hints=parsed_args.hint,
File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create
return self._create('/volumes', body, 'volume')
File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create
resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request
return self.request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request
raise exceptions.from_response(resp, body)
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
clean_up CreateVolume: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 134, in run
ret_val = super(OpenStackShell, self).run(argv)
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 279, in run
result = self.run_subcommand(remainder)
File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 169, in run_subcommand
ret_value = super(OpenStackShell, self).run_subcommand(argv)
File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand
result = cmd.run(parsed_args)
File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
return super(Command, self).run(parsed_args)
File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action
scheduler_hints=parsed_args.hint,
File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create
return self._create('/volumes', body, 'volume')
File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create
resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request
return self.request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request
raise exceptions.from_response(resp, body)
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd)
root@ctl01:~# tail -f /var/log/apache2/barbican.error.log
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 68, in process_and_suppress_exceptions
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources return self.process(*args, **kwargs)
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 113, in process
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources raise e_orig
2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry.
When adding mode to the create_key method in castellan, and explicitly passing mode in cinder/volume/flows/api/create_volume.py to this method (by specifying it in the 'barbican:secret_mode' extra_spec of the LUKS volume type), the volume gets created successfully.
Ideally, this secret mode should be added to the volume type POST method as a separate argument, with a corresponding field addition to the VolumeTypeEncryption database model. |
|