Heat puppet module isn't HA aware
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cisco Openstack |
New
|
Undecided
|
Unassigned | ||
puppet-heat |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I'm having issues with the heat puppet module. It appears that the auth_encryption_key gets set different on all the mgmt nodes.
I've found the offending code in modules/
It would probably be best to simply expose auth_encryption_key to be set by the puppet admin or default it to a string.
service { 'heat-engine':
ensure => $service_ensure,
name => $::heat:
enable => $enabled,
hasstatus => true,
hasrestart => true,
require => [ File['/
subscribe => Exec['heat-
}
exec {'heat-
#/// Hello. on my own I'm not a bad piece of code but in this context I'm dangerous ///
command => 'sed -i".bak" "s/%ENCRYPTION_
path => [ '/usr/bin', '/bin'],
onlyif => 'grep -c %ENCRYPTION_KEY% /etc/heat/
require => File['/
}
heat_config {
#/// Below it gets even better. We can't check to see if Encryption_key is set to anything but we'll set it anyway :-)
'DEFAULT/
'DEFAULT/
'DEFAULT/
'DEFAULT/
'DEFAULT/
}
auth_encryption_key is exposed in engine.pp and easily set now - this is an old ticket and I'm pretty sure from looking at engine.pp that the original issue is long resolved, so I'll mark it as fix released.
The encryption_key is enforced, but if you declare it in heat::engine then you get a consistent result across cluster nodes.