Creation of encrypted volume fails when barbican backend is dogtag
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Barbican | Invalid | Undecided | Unassigned | |
Cinder | Invalid | Undecided | Unassigned | |
castellan | Invalid | Undecided | Unassigned | |
Bug Description
When following https:/
openstack volume create --size 1 --type LUKS 'encrypted volume'
The volume gets error status afterwards. Related logs:
Key manager error (HTTP 400) (Request-ID: req-f87b90e4-
Traceback (most recent call last):
File "/usr/lib/
result = cmd.run(
File "/usr/lib/
return super(Command, self).run(
File "/usr/lib/
column_names, data = self.take_
File "/usr/lib/
scheduler_
File "/usr/lib/
return self._create(
File "/usr/lib/
resp, body = self.api.
File "/usr/lib/
return self._cs_
File "/usr/lib/
return self.request(url, method, **kwargs)
File "/usr/lib/
raise exceptions.
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-
clean_up CreateVolume: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-
Traceback (most recent call last):
File "/usr/lib/
ret_val = super(OpenStack
File "/usr/lib/
result = self.run_
File "/usr/lib/
ret_value = super(OpenStack
File "/usr/lib/
result = cmd.run(
File "/usr/lib/
return super(Command, self).run(
File "/usr/lib/
column_names, data = self.take_
File "/usr/lib/
scheduler_
File "/usr/lib/
return self._create(
File "/usr/lib/
resp, body = self.api.
File "/usr/lib/
return self._cs_
File "/usr/lib/
return self.request(url, method, **kwargs)
File "/usr/lib/
raise exceptions.
BadRequest: Key manager error (HTTP 400) (Request-ID: req-f87b90e4-
root@ctl01:~# tail -f /var/log/
2018-03-28 14:32:45.427 24096 ERROR barbican.
2018-03-28 14:32:45.427 24096 ERROR barbican.
2018-03-28 14:32:45.427 24096 ERROR barbican.
2018-03-28 14:32:45.427 24096 ERROR barbican.
2018-03-28 14:32:45.427 24096 ERROR barbican.
When adding mode to the create_key method in castellan, and explicitly passing mode in the cinder/
Ideally, this secret mode should be added to the volume type POST method as a separate argument, with a corresponding field addition to VolumeTypeEncry
Can you explain a bit more why Cinder needs code to supply this dogtag flag? Can the right value not be supplied by Castellan by default?