cryptsetup should be called with --force-password

Bug #1861120 reported by Eric Harney on 2020-01-28
This bug affects 1 person
Affects: Cinder; Importance: Undecided; Assigned to: Eric Harney
Affects: os-brick; Importance: Undecided; Assigned to: Unassigned

Bug Description

Currently cinder and os-brick perform password quality checking when setting LUKS passwords -- this is unproductive since we only use long hex strings for passwords.

Skip this checking with "cryptsetup --force-password", since not skipping it means that cinder/brick installations have to rely on cracklib-dicts.
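
The reasoning in the report above, as an added example (not code from cinder or os-brick): the quality check is skipped only for passphrases that are long, machine-generated hex strings, and the passphrase is fed on stdin rather than placed on the command line. The function names, the 128-bit threshold and the device path are assumptions made for this illustration.

```python
import secrets
import string

HEX_DIGITS = set(string.hexdigits)


def generate_hex_passphrase(key_bits=256):
    """Return key_bits of CSPRNG output, hex-encoded (4 bits per character)."""
    return secrets.token_hex(key_bits // 8)


def entropy_bits_if_random_hex(passphrase):
    """Entropy in bits, assuming each hex digit was drawn uniformly at random.

    Returns 0 for anything that is not purely hexadecimal, so a
    human-style passphrase never qualifies.
    """
    if not passphrase or not set(passphrase) <= HEX_DIGITS:
        return 0
    return 4 * len(passphrase)


def luks_format_argv(device, passphrase, min_bits=128):
    """Build a cryptsetup luksFormat command line.

    The passphrase is deliberately absent from argv: the caller writes it
    to the child's stdin, so it does not appear in the process list.
    """
    argv = ["cryptsetup", "--batch-mode"]
    if entropy_bits_if_random_hex(passphrase) >= min_bits:
        # Generated key material: a dictionary-based quality check adds
        # nothing here, so skip it and drop the cracklib-dicts dependency.
        argv.append("--force-password")
    argv += ["luksFormat", device]
    return argv


if __name__ == "__main__":
    key = generate_hex_passphrase()
    # Constructed device path, for illustration only; nothing is executed.
    print(luks_format_argv("/dev/mapper/example-volume", key))
```

A short or non-hex passphrase leaves the quality check in place, which keeps the skip tied to the condition the report gives for it.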

Fix proposed to branch: master
Review: https://review.opendev.org/704578

Changed in cinder:
assignee: nobody → Eric Harney (eharney)
status: New → In Progress

Reviewed: https://review.opendev.org/704577
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=afb7beb7ce98824d5fb789ad8e7577cebae4e41c
Submitter: Zuul
Branch: master

commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed

Changed in os-brick:
status: In Progress → Fix Released

Reviewed: https://review.opendev.org/704578
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7c3621311a320344a2b158a325fb5f797aa16a4a
Submitter: Zuul
Branch: master

commit 7c3621311a320344a2b158a325fb5f797aa16a4a
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:14:36 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: I1105c16caaf916e9101b6dca34a7f13936ce2240

Changed in cinder:
status: In Progress → Fix Released

This issue was fixed in the openstack/cinder 16.0.0.0b1 development milestone.

Reviewed: https://review.opendev.org/707643
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=32bb44973085b48249138e2359be9c843a371a9d
Submitter: Zuul
Branch: stable/train

commit 32bb44973085b48249138e2359be9c843a371a9d
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:14:36 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: I1105c16caaf916e9101b6dca34a7f13936ce2240
    (cherry picked from commit 7c3621311a320344a2b158a325fb5f797aa16a4a)

tags: added: in-stable-train

Reviewed: https://review.opendev.org/707644
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=6461c993bc24a07af0b4240aaccab50eaa018707
Submitter: Zuul
Branch: stable/train

commit 6461c993bc24a07af0b4240aaccab50eaa018707
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)

Changed in os-brick:
milestone: none → 3.0.0
Changed in cinder:
milestone: none → ussuri-3

This issue was fixed in the openstack/os-brick 3.0.0 release.

Reviewed: https://review.opendev.org/708696
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=0db2285387e32230471c81eef057c74436a9c82f
Submitter: Zuul
Branch: stable/stein

commit 0db2285387e32230471c81eef057c74436a9c82f
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)
    (cherry picked from commit 6461c993bc24a07af0b4240aaccab50eaa018707)

tags: added: in-stable-stein

Reviewed: https://review.opendev.org/709186
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=d640c73d9b68bdf200c3e71ddec65b166a571f4b
Submitter: Zuul
Branch: stable/rocky

commit d640c73d9b68bdf200c3e71ddec65b166a571f4b
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)
    (cherry picked from commit 6461c993bc24a07af0b4240aaccab50eaa018707)
    (cherry picked from commit 0db2285387e32230471c81eef057c74436a9c82f)

tags: added: in-stable-rocky

This issue was fixed in the openstack/os-brick 2.5.10 release.

This issue was fixed in the openstack/os-brick 2.10.2 release.

This issue was fixed in the openstack/os-brick 2.8.4 release.
