puppet-openstack-integration

Key manager is always overridden to ConfKeyManager

Bug #1621109 reported by Kaitlin Farr
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Kaitlin Farr
Cinder ocata-1 "o1"
puppet-openstack-integration
Fix Released
High
Unassigned

Bug Description

When key_manager.api_class is set in the cinder config file, the changes will not be reflected in the service and the service will always try to use ConfKeyManager.

cinder/keymgr/__init__.py includes some logic to maintain backwards compatibility, and sets the key manager to be ConfKeyManager if none is set. This code worked correctly at first because it used oslo config objects that had been properly initialized with values from the config file. However, as the key manager code was used in other areas of the project, it seems as though the logic to handle backwards compatibility is called on config objects too early in the service initialization process. Using a python debugger, it seems as though the first time the key manager initialization is called, the oslo config object passed in to the does not yet have the api_class option read in from the config file, and so the key manager initialization will override the option with the ConfKeyManager.

Kaitlin Farr (kaitlin-farr)
Changed in cinder:
assignee: nobody → Kaitlin Farr (kaitlin-farr)
OpenStack Infra (hudson-openstack)
Changed in cinder:
status: New → In Progress
Emilien Macchi (emilienm)
Changed in puppet-openstack-integration:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Eric Harney (eharney) wrote :

https://review.openstack.org/#/c/366750/

Changed in cinder:
importance: Undecided → High
milestone: none → newton-rc1
Revision history for this message
Sean McGinnis (sean-mcginnis) wrote :

Didn't get linked for some reason - here is the Cinder review:

https://review.openstack.org/#/c/366750/

Revision history for this message
Sean McGinnis (sean-mcginnis) wrote :

Must have had a stale view from that last comment.

Sean McGinnis (sean-mcginnis)
Changed in cinder:
milestone: newton-rc1 → ocata-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/376992

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/366750
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=b66d4d997cf371d4d451aa9e57d351f4e045fc8d
Submitter: Jenkins
Branch: master

commit b66d4d997cf371d4d451aa9e57d351f4e045fc8d
Author: Kaitlin Farr <email address hidden>
Date: Wed Sep 7 13:21:33 2016 -0400

    Modifies override logic for key_manager

    Makes the logic for overriding config options for the key_manager
    more robust.

    Before this patch, the override logic seemed to be called before the global
    CONF object has been populated with values from the configuration file.
    ConfKeyManager, the default for if no value had been specified, would be
    used to override the value for api_class. Then when CONF was populated
    with the actual values, the ConfKeyManager override value would still be
    set.

    This patch makes the logic a little bit more robust so that the value
    is only overriden if explicitly passed into the function, not at the
    global scope outside of the function.

    SecurityImpact

    Closes-Bug: 1621109
    Change-Id: Id5f83f69fd3a877459fab924c005047e55f98c7b

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/newton)

Reviewed: https://review.openstack.org/376992
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=96948e48b140a9a47d26bf805230df41a44c9c00
Submitter: Jenkins
Branch: stable/newton

commit 96948e48b140a9a47d26bf805230df41a44c9c00
Author: Kaitlin Farr <email address hidden>
Date: Wed Sep 7 13:21:33 2016 -0400

    Modifies override logic for key_manager

    Makes the logic for overriding config options for the key_manager
    more robust.

    Before this patch, the override logic seemed to be called before the global
    CONF object has been populated with values from the configuration file.
    ConfKeyManager, the default for if no value had been specified, would be
    used to override the value for api_class. Then when CONF was populated
    with the actual values, the ConfKeyManager override value would still be
    set.

    This patch makes the logic a little bit more robust so that the value
    is only overriden if explicitly passed into the function, not at the
    global scope outside of the function.

    SecurityImpact

    Closes-Bug: 1621109
    Change-Id: Id5f83f69fd3a877459fab924c005047e55f98c7b
    (cherry picked from commit b66d4d997cf371d4d451aa9e57d351f4e045fc8d)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 9.1.0

This issue was fixed in the openstack/cinder 9.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 10.0.0.0b1

This issue was fixed in the openstack/cinder 10.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 9.1.0

This issue was fixed in the openstack/cinder 9.1.0 release.

Tobias Urdin (tobias-urdin)
Changed in puppet-openstack-integration:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.