Fernet keys are lost during Rocky->Stein upgrade
Bug #1833414 reported by Jonathan Rosser
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible | Fix Released | Undecided | Jonathan Rosser | | |
Bug Description
With the transition to smart sources the /etc/keystone/.... directory is relocated from the host to be symlinked into the keystone venv.
The os_keystone role deletes the original contents of /etc/keystone here https:/
This is very undesirable behaviour, with existing tokens failing and credential keys being lost.
Changed in openstack-ansible:
assignee: nobody → Jonathan Rosser (jrosser)
status: New → In Progress
One note about this bug: this affects not only fernet keys but also credential keys.
Fernet key loss is recoverable. Your tokens are invalidated but you can always log back in and obtain another token.
Credential key loss is unrecoverable. All credential keys stored in the database are encrypted by the credential keys, and losing the credential key repository invalidates them all permanently.
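
The loss described in this report comes from removing a directory's original contents before they exist at the new location. As an added example (not OpenStack-Ansible's code or the fix that was released), the shell function below relocates a directory behind a symlink in a copy, verify, then switch order; the function names, the `.pre-migration` suffix and the directories passed in are assumptions.

```shell
# Added example, not OpenStack-Ansible code. Paths are supplied by the caller.
# Assumes GNU coreutils/findutils and that nothing writes to SRC during the move.

# dir_digest DIR: one SHA-256 over every regular file's relative path and content.
dir_digest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum | sha256sum | cut -d' ' -f1 )
}

# relocate_with_symlink SRC DST
# Copy SRC's contents to DST, verify the copy, then leave SRC as a symlink to DST.
# Nothing is deleted: the original is renamed to SRC.pre-migration for rollback.
relocate_with_symlink() {
    local src dst before after
    src=$1
    dst=$2
    if [ -L "$src" ]; then
        return 0                      # already a symlink: safe to re-run
    fi
    if [ ! -d "$src" ]; then
        echo "missing source directory: $src" >&2
        return 1
    fi
    if [ -e "$dst" ] && [ -n "$(ls -A "$dst" 2>/dev/null)" ]; then
        echo "refusing: $dst already has content" >&2
        return 1
    fi
    mkdir -p "$dst" || return 1
    cp -a "$src/." "$dst/" || return 1    # -a keeps modes, owners, timestamps
    before=$(dir_digest "$src") || return 1
    after=$(dir_digest "$dst") || return 1
    if [ "$before" != "$after" ]; then
        echo "copy verification failed; $src left untouched" >&2
        return 1
    fi
    mv "$src" "$src.pre-migration" || return 1
    ln -s "$dst" "$src"
}
```

The rollback copy holds key material, so it needs the same access restrictions as the original and should be removed only after tokens and stored credentials have been confirmed to work.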