Legacy nova/cinder key manager not specified when it needs to be

Bug #1706389 reported by Alan Bishop on 2017-07-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
High
Alan Bishop

Bug Description

TripleO configures the proper Cinder/Nova key manager for Barbican deployments, but no key manager is
specified when Barbican isn't deployed. However, Cinder's and Nova's key manager no longer defaults to their legacy (fixed key) implementations [0],[1].

In order for non-Barbican deployments to work, TripleO must proactively enable the legacy key managers in Cinder and Nova.

[0] https://review.openstack.org/484501
[1] https://review.openstack.org/485322

Changed in tripleo:
assignee: nobody → Alan Bishop (alan-bishop)
Changed in tripleo:
status: New → Triaged
importance: Undecided → Medium
milestone: none → pike-rc1
importance: Medium → High
Changed in tripleo:
status: Triaged → In Progress
tags: added: upgrade

Reviewed: https://review.openstack.org/488509
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=5ae3fab74381403cc76525ba3ff63a60836c17c1
Submitter: Jenkins
Branch: master

commit 5ae3fab74381403cc76525ba3ff63a60836c17c1
Author: Alan Bishop <email address hidden>
Date: Fri Jul 28 10:30:27 2017 -0400

    Fix legacy nova/cinder encryption key manager configuration

    Recent changes in Nova [0] and Cinder [1] result in Barbican being selected
    as the default encryption key manager, even when TripleO is not deploying
    Barbican.

    This change ensures the legacy key manager is enabled when no key manager
    (such as Barbican) has been specified. This restores the previous behavior,
    where the legacy key manager was enabled by default.

    [0] https://review.openstack.org/484501
    [1] https://review.openstack.org/485322

    Closes-Bug: #1706389
    Change-Id: Idc92f7a77cde757538eaac51c4ad8dc397f9c3d3

Changed in tripleo:
status: In Progress → Fix Released

This issue was fixed in the openstack/puppet-tripleo 7.3.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers