keystone-fernet cron job not triggering, results in keys not rotating
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
kolla-ansible | Fix Released | High | Michal Nasiadka | |
Victoria | Fix Released | High | Michal Nasiadka | |
Bug Description
**Bug Report**
What happened:
In the keystone-fernet container you can see the cronjob is set up but does not seem to be working. I can manually run /usr/bin/
```
(keystone-
PATH=/var/
0 0 * * 0 /usr/bin/
(keystone-
Tue 06 Oct 2020 05:53:15 PM UTC
```
You can see the keys below were not rotated:
```
(keystone-
total 20K
drwxrwx--- 2 keystone keystone 4.0K Sep 28 17:27 .
drwxr-xr-x 1 keystone keystone 4.0K Sep 28 17:43 ..
-rw------- 1 keystone keystone 44 Sep 28 17:27 0
-rw------- 1 keystone keystone 44 Sep 25 12:32 3
-rw------- 1 keystone keystone 44 Sep 25 16:07 4
```
In my /etc/kolla/
```
fernet_
fernet_
```
This causes a problem when I try to restart the keystone containers, because they get caught in a restart loop because the primary fernet key is expired, similar to what is reported in
https:/
What you expected to happen:
I expected the fernet-rotate.sh script to run on Sunday at 00:00.
How to reproduce it:
Considering the issue is that the script is not running at the specified date and time, I'm not sure how to reproduce it because I don't know the cause. However, I'm open to suggestions.
**Environment**:
* OS (e.g. from /etc/os-release):
Ubuntu server 20.04.1 LTS
* Kernel (e.g. `uname -a`):
5.4.0-48-generic
* Docker version if applicable (e.g. `docker version`):
Docker version 19.03.13, build 4484c46d9d
* Kolla-Ansible version (e.g. `git head or tag or stable branch` or pip package version if using release):
git head 7e91cb8f542493a
* Docker image Install type (source/binary):
source
* Docker image distribution:
ubuntu
* Are you using official images from Docker Hub or self built?
docker hub
* If self built - Kolla version and environment used to build:
* Share your inventory file, globals.yml and other configuration files if relevant
uploaded.
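A check for the symptom described in this report, as an added example that is not part of the bug report or of kolla-ansible: it compares the newest key file's mtime with the most recent firing of the `0 0 * * 0` schedule from the crontab above. It assumes UTC, the year 2020 for the listed mtimes, and that a successful rotation writes a new key file so the newest mtime marks the last rotation; the sample repository is constructed from the listing.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone


def last_sunday_midnight(now):
    """Most recent firing of the cron schedule '0 0 * * 0' at or before now."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    # datetime.weekday(): Monday=0 ... Sunday=6
    return midnight - timedelta(days=(midnight.weekday() + 1) % 7)


def newest_key_mtime(key_dir):
    """Newest mtime among the numerically named key files (0, 3, 4, ...)."""
    mtimes = [
        os.path.getmtime(os.path.join(key_dir, name))
        for name in os.listdir(key_dir)
        if name.isdigit()
    ]
    if not mtimes:
        raise FileNotFoundError(f"no fernet keys in {key_dir}")
    return datetime.fromtimestamp(max(mtimes), tz=timezone.utc)


def rotation_missed(key_dir, now):
    """True if no key file was written since the last scheduled run."""
    return newest_key_mtime(key_dir) < last_sunday_midnight(now)


def build_sample_repo(path):
    """Constructed sample: mtimes from the listing in the report (UTC, 2020 assumed)."""
    sample = {
        "0": datetime(2020, 9, 28, 17, 27, tzinfo=timezone.utc),
        "3": datetime(2020, 9, 25, 12, 32, tzinfo=timezone.utc),
        "4": datetime(2020, 9, 25, 16, 7, tzinfo=timezone.utc),
    }
    for name, mtime in sample.items():
        file_path = os.path.join(path, name)
        with open(file_path, "w") as f:
            f.write("x" * 44)  # placeholder content, not a real key
        os.utime(file_path, (mtime.timestamp(), mtime.timestamp()))


if __name__ == "__main__":
    report_time = datetime(2020, 10, 6, 17, 53, 15, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        print("last scheduled run:", last_sunday_midnight(report_time))
        print("newest key written:", newest_key_mtime(repo))
        print("rotation missed:", rotation_missed(repo, report_time))
```

Run against the real key repository from a monitoring job, a `True` result gives early warning before the primary key expires and a container restart fails.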
Changed in kolla-ansible:
importance: Undecided → High
milestone: none → 11.0.0

Changed in kolla-ansible:
status: Incomplete → In Progress
Hello Joel, can you please try to apply that patch on your kolla-ansible: https://review.opendev.org/#/c/756083/ - it will add some logging to the script, and we could investigate if it's really running or not.