booting should succeed even if vault is unavailable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bionic Backports |
Fix Released
|
Undecided
|
James Page | ||
Ceph OSD Charm |
Invalid
|
High
|
James Page | ||
Ubuntu Cloud Archive |
Invalid
|
Undecided
|
Unassigned | ||
Queens |
Fix Released
|
High
|
James Page | ||
vaultlocker |
Fix Released
|
High
|
James Page | ||
vaultlocker (Ubuntu) |
Fix Released
|
High
|
James Page | ||
Cosmic |
Fix Released
|
High
|
James Page | ||
Disco |
Fix Released
|
High
|
James Page |
Bug Description
[Impact]
decrypt of vaultlocker encrypted block devices blocks the network-
[Test Case]
Deploy ceph+vaultlocke
Power cycle all servers
Servers never get to multiuser.target as vaultlocker-decrypt services block network-
[Regression Potential]
The proposed fix drops the Before=
[Original bug report]
If ceph is using vault secrets to encrypt its volumes and vault is not available, booting is not possible without manual intervention, as the ceph-volume and vaultlocker-decrypt services will hang forever.
In case of a full cloud outage, bootstrapping the mysql and vault nodes will require quite a bit of manual intervention, as all required nodes will have to be booted in single user mode to bypass the volume decryption services.
Decryption of the ceph volumes should instead timeout, and allow the rest of the machine to complete the boot sequence.
description: | updated |
description: | updated |
description: | updated |
Changed in bionic-backports: | |
status: | In Progress → Fix Released |
tags: | added: uosci |
Changed in vaultlocker: | |
status: | Fix Committed → Fix Released |
I incorrectly duped this against bug 1804261 but they are not the same issue.