castellan

  1. Bug #1760927
  2. Activity log

Activity log for bug #1760927

Date Who What changed Old value New value Message
2018-04-03 16:37:43 Vladyslav Drok bug added bug
2018-04-03 16:38:09 Vladyslav Drok bug task added castellan
2018-04-03 16:41:56 Vladyslav Drok description When following https://docs.openstack.org/cinder/pike/configuration/block-storage/volume-encryption.html, with having barbican setup with dogtag backend, the following issue appears: openstack volume create --size 1 --type LUKS 'encrypted volume' The volume gets error status afterwards. Related logs: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand result = cmd.run(parsed_args) File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run return super(Command, self).run(parsed_args) File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action scheduler_hints=parsed_args.hint, File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create return self._create('/volumes', body, 'volume') File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create resp, body = self.api.client.post(url, body=body) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post return self._cs_request(url, 'POST', **kwargs) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request return self.request(url, method, **kwargs) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request raise exceptions.from_response(resp, body) BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) clean_up CreateVolume: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 134, in run ret_val = super(OpenStackShell, self).run(argv) File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 279, in run result = self.run_subcommand(remainder) File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 169, in run_subcommand ret_value = super(OpenStackShell, self).run_subcommand(argv) File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand result = cmd.run(parsed_args) File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run return super(Command, self).run(parsed_args) File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action scheduler_hints=parsed_args.hint, File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create return self._create('/volumes', body, 'volume') File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create resp, body = self.api.client.post(url, body=body) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post return self._cs_request(url, 'POST', **kwargs) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request return self.request(url, method, **kwargs) File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request raise exceptions.from_response(resp, body) BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) root@ctl01:~# tail -f /var/log/apache2/barbican.error.log 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 68, in process_and_suppress_exceptions 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources return self.process(*args, **kwargs) 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 113, in process 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources raise e_orig 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry. When adding mode to the create_key method in castellan, and explicitly passing mode in the cinder/volume/flows/api/create_volume.py to this method (by specifying it in 'barbican:secret_mode' extra_spec of the LUKS volume type), volume gets created successfully. Ideally, this secret mode should be added to the volume type POST method as a separate argument, and add a corresponding field to VolumeTypeEncryption database model. When following https://docs.openstack.org/cinder/pike/configuration/block-storage/volume-encryption.html, with having barbican setup with dogtag backend, the following issue appears: openstack volume create --size 1 --type LUKS 'encrypted volume' The volume gets error status afterwards. Related logs: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) Traceback (most recent call last):   File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand     result = cmd.run(parsed_args)   File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run     return super(Command, self).run(parsed_args)   File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run     column_names, data = self.take_action(parsed_args)   File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action     scheduler_hints=parsed_args.hint,   File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create     return self._create('/volumes', body, 'volume')   File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create     resp, body = self.api.client.post(url, body=body)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post     return self._cs_request(url, 'POST', **kwargs)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request     return self.request(url, method, **kwargs)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request     raise exceptions.from_response(resp, body) BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) clean_up CreateVolume: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) Traceback (most recent call last):   File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 134, in run     ret_val = super(OpenStackShell, self).run(argv)   File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 279, in run     result = self.run_subcommand(remainder)   File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 169, in run_subcommand     ret_value = super(OpenStackShell, self).run_subcommand(argv)   File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 400, in run_subcommand     result = cmd.run(parsed_args)   File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run     return super(Command, self).run(parsed_args)   File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 113, in run     column_names, data = self.take_action(parsed_args)   File "/usr/lib/python2.7/dist-packages/openstackclient/volume/v2/volume.py", line 222, in take_action     scheduler_hints=parsed_args.hint,   File "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", line 290, in create     return self._create('/volumes', body, 'volume')   File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 324, in _create     resp, body = self.api.client.post(url, body=body)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 180, in post     return self._cs_request(url, 'POST', **kwargs)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 168, in _cs_request     return self.request(url, method, **kwargs)   File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 154, in request     raise exceptions.from_response(resp, body) BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-c209-421b-9cf4-fd36d6b042fd) root@ctl01:~# tail -f /var/log/apache2/barbican.error.log 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 68, in process_and_suppress_exceptions 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources return self.process(*args, **kwargs) 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources File "/usr/lib/python2.7/dist-packages/barbican/tasks/resources.py", line 113, in process 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources raise e_orig 2018-03-28 14:32:45.427 24096 ERROR barbican.tasks.resources MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry. When adding mode to the create_key method in castellan, and explicitly passing mode in the cinder/volume/flows/api/create_volume.py to this method (by specifying it in 'barbican:secret_mode' extra_spec of the LUKS volume type), volume gets created successfully. Ideally, this secret mode should be added to the volume type POST method as a separate argument, with a corresponding field addition to VolumeTypeEncryption database model.
2018-04-03 20:57:05 Eric Harney tags encryption
2018-04-03 20:57:09 Eric Harney cinder: status New Incomplete
2018-04-04 13:33:57 Eric Harney bug task added barbican
2018-04-04 13:34:04 Eric Harney cinder: status Incomplete Invalid
2018-04-04 15:52:46 Vladyslav Drok barbican: status New Invalid
2018-04-04 15:52:52 Vladyslav Drok castellan: status New Invalid