cryptsetup should be called with --force-password

Bug #1861120 reported by Eric Harney
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Undecided
Eric Harney
os-brick
Undecided
Unassigned

Bug Description

Currently cinder and os-brick perform password quality checking when setting luks passwords -- this is unproductive since we only use long hex strings for passwords.

Skip this checking with "cryptsetup --force-password", since not skipping it means that cinder/brick installations have to rely on cracklib-dicts.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/704578

Changed in cinder:
assignee: nobody → Eric Harney (eharney)
status: New → In Progress
Revision history for this message
Eric Harney (eharney) wrote :
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (master)

Reviewed: https://review.opendev.org/704577
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=afb7beb7ce98824d5fb789ad8e7577cebae4e41c
Submitter: Zuul
Branch: master

commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed

Changed in os-brick:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.opendev.org/704578
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7c3621311a320344a2b158a325fb5f797aa16a4a
Submitter: Zuul
Branch: master

commit 7c3621311a320344a2b158a325fb5f797aa16a4a
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:14:36 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: I1105c16caaf916e9101b6dca34a7f13936ce2240

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/707643

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-brick (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/707644

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 16.0.0.0b1

This issue was fixed in the openstack/cinder 16.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/train)

Reviewed: https://review.opendev.org/707643
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=32bb44973085b48249138e2359be9c843a371a9d
Submitter: Zuul
Branch: stable/train

commit 32bb44973085b48249138e2359be9c843a371a9d
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:14:36 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: I1105c16caaf916e9101b6dca34a7f13936ce2240
    (cherry picked from commit 7c3621311a320344a2b158a325fb5f797aa16a4a)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (stable/train)

Reviewed: https://review.opendev.org/707644
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=6461c993bc24a07af0b4240aaccab50eaa018707
Submitter: Zuul
Branch: stable/train

commit 6461c993bc24a07af0b4240aaccab50eaa018707
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-brick (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/708696

Changed in os-brick:
milestone: none → 3.0.0
Changed in cinder:
milestone: none → ussuri-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/os-brick 3.0.0

This issue was fixed in the openstack/os-brick 3.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-brick (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/709186

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (stable/stein)

Reviewed: https://review.opendev.org/708696
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=0db2285387e32230471c81eef057c74436a9c82f
Submitter: Zuul
Branch: stable/stein

commit 0db2285387e32230471c81eef057c74436a9c82f
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)
    (cherry picked from commit 6461c993bc24a07af0b4240aaccab50eaa018707)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (stable/rocky)

Reviewed: https://review.opendev.org/709186
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=d640c73d9b68bdf200c3e71ddec65b166a571f4b
Submitter: Zuul
Branch: stable/rocky

commit d640c73d9b68bdf200c3e71ddec65b166a571f4b
Author: Eric Harney <email address hidden>
Date: Tue Jan 28 09:12:55 2020 -0500

    Skip cryptsetup password quality checking

    LUKS password quality checking is not useful
    since we only use long hex strings for passwords.

    Not skipping this means that we have to install
    cracklib-dicts for cryptsetup to work, which is
    unnecessary weight.

    Closes-Bug: #1861120

    Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
    (cherry picked from commit afb7beb7ce98824d5fb789ad8e7577cebae4e41c)
    (cherry picked from commit 6461c993bc24a07af0b4240aaccab50eaa018707)
    (cherry picked from commit 0db2285387e32230471c81eef057c74436a9c82f)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/os-brick 2.5.10

This issue was fixed in the openstack/os-brick 2.5.10 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/os-brick 2.10.2

This issue was fixed in the openstack/os-brick 2.10.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/os-brick 2.8.4

This issue was fixed in the openstack/os-brick 2.8.4 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 15.1.0

This issue was fixed in the openstack/cinder 15.1.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers