tripleo

TLS everywhere hardcode lowercase network names

Bug #1830852 reported by Harald Jensås
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Harald Jensås
tripleo train-1

Bug Description

In THT the lowercase network names are hardcoded:

https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/nova_metadata/krb-service-principals/role.role.j2.yaml#L74-L78

{%- for network in networks if network.vip|default(false) and network.name in role.networks %}
{%- if network.name == 'External' %}
              external: {get_param: CloudName}
{%- elif network.name == 'InternalApi' %}
              internal_api: {get_param: CloudNameInternal}
{%- elif network.name == 'StorageMgmt' %}
              storage_mgmt: {get_param: CloudNameStorageManagement}
{%- else %}
              {{network.name_lower}}: {get_param: CloudName{{network.name}}}
{%- endif %}
{%- endfor %}

{{network.name_lower}} should always be used. It is possible a user change the 'network.name_lower' while not changeing the 'natwork.name'.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/661905

Changed in tripleo:
assignee: nobody → Harald Jensås (harald-jensas)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/661905
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c0fcf8674d5f7c5c0cec1179fa56ef4536d5c5fb
Submitter: Zuul
Branch: master

commit c0fcf8674d5f7c5c0cec1179fa56ef4536d5c5fb
Author: Harald Jensås <email address hidden>
Date: Wed May 29 09:34:52 2019 +0200

    Fix custom network.name_lower in krb-service-principals

    The lowercase network names was hardcoded to 'external',
    'internal_api' and 'storage_mgmt'. Use jinja to get the
    network.name_lower value from network_data.yaml instead
    so that users can customize the lowercase network name.

    Closes-Bug: #1830852
    Change-Id: Ie9bd482782ff770d90dfc38a585237812ed81c06

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/662041

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/662048

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/662049

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/662060

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/662060
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=f708ab7a827cc0db211b4709447f77126087347e
Submitter: Zuul
Branch: master

commit f708ab7a827cc0db211b4709447f77126087347e
Author: Harald Jensås <email address hidden>
Date: Wed May 29 20:20:43 2019 +0200

    krb-service-principals support service_net_map_replace

    Handle service_net_map_replace in the jinja2 logic so that
    service_net_map_replace works for both default networks and
    custom networks.

    Enables a user either to change 'name_lower' of a network
    and overriding the ServiceNetMap accordingly, as well as
    user changeing 'name_lower' and use 'service_net_map_replace'
    so that the default ServiceNetMap can be used.

    Related-Bug: #1830852
    Change-Id: Iae4341e9e7c888da4dd8d0dedd5ad28b7e0e6c40

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/stein)

Reviewed: https://review.opendev.org/662041
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c1865bafb18f213be19a0b2c7bfca6e8f8e27ca1
Submitter: Zuul
Branch: stable/stein

commit c1865bafb18f213be19a0b2c7bfca6e8f8e27ca1
Author: Harald Jensås <email address hidden>
Date: Wed May 29 09:34:52 2019 +0200

    Fix custom network.name_lower in krb-service-principals

    The lowercase network names was hardcoded to 'external',
    'internal_api' and 'storage_mgmt'. Use jinja to get the
    network.name_lower value from network_data.yaml instead
    so that users can customize the lowercase network name.

    Handle service_net_map_replace in the jinja2 logic so that
    service_net_map_replace works for both default networks and
    custom networks.

    Enables a user either to change 'name_lower' of a network
    and overriding the ServiceNetMap accordingly, as well as
    user changeing 'name_lower' and use 'service_net_map_replace'
    so that the default ServiceNetMap can be used.

    Closes-Bug: #1830852
    Change-Id: Ie9bd482782ff770d90dfc38a585237812ed81c06
    (cherry picked from commit c0fcf8674d5f7c5c0cec1179fa56ef4536d5c5fb)
    (cherry picked from commit f708ab7a827cc0db211b4709447f77126087347e)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/rocky)

Reviewed: https://review.opendev.org/662048
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=379d6ad7682f962ce9b21d760906f87ea1c45ae3
Submitter: Zuul
Branch: stable/rocky

commit 379d6ad7682f962ce9b21d760906f87ea1c45ae3
Author: Harald Jensås <email address hidden>
Date: Wed May 29 09:34:52 2019 +0200

    Fix custom network.name_lower in krb-service-principals

    The lowercase network names was hardcoded to 'external',
    'internal_api' and 'storage_mgmt'. Use jinja to get the
    network.name_lower value from network_data.yaml instead
    so that users can customize the lowercase network name.

    Handle service_net_map_replace in the jinja2 logic so that
    service_net_map_replace works for both default networks and
    custom networks.

    Enables a user either to change 'name_lower' of a network
    and overriding the ServiceNetMap accordingly, as well as
    user changeing 'name_lower' and use 'service_net_map_replace'
    so that the default ServiceNetMap can be used.

    Closes-Bug: #1830852
    Change-Id: Ie9bd482782ff770d90dfc38a585237812ed81c06
    (cherry picked from commit c0fcf8674d5f7c5c0cec1179fa56ef4536d5c5fb)
    (cherry picked from commit f708ab7a827cc0db211b4709447f77126087347e)

tags: added: in-stable-rocky
tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/queens)

Reviewed: https://review.opendev.org/662049
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=5e5f2d0f3f3d2f01b0482f306e6bc2d62f90d512
Submitter: Zuul
Branch: stable/queens

commit 5e5f2d0f3f3d2f01b0482f306e6bc2d62f90d512
Author: Harald Jensås <email address hidden>
Date: Wed May 29 09:34:52 2019 +0200

    Fix custom network.name_lower in krb-service-principals

    The lowercase network names was hardcoded to 'external',
    'internal_api' and 'storage_mgmt'. Use jinja to get the
    network.name_lower value from network_data.yaml instead
    so that users can customize the lowercase network name.

    Handle service_net_map_replace in the jinja2 logic so that
    service_net_map_replace works for both default networks and
    custom networks.

    Enables a user either to change 'name_lower' of a network
    and overriding the ServiceNetMap accordingly, as well as
    user changeing 'name_lower' and use 'service_net_map_replace'
    so that the default ServiceNetMap can be used.

    Closes-Bug: #1830852
    Change-Id: Ie9bd482782ff770d90dfc38a585237812ed81c06
    (cherry picked from commit c0fcf8674d5f7c5c0cec1179fa56ef4536d5c5fb)
    (cherry picked from commit f708ab7a827cc0db211b4709447f77126087347e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 11.0.0

This issue was fixed in the openstack/tripleo-heat-templates 11.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 9.4.0

This issue was fixed in the openstack/tripleo-heat-templates 9.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 8.4.0

This issue was fixed in the openstack/tripleo-heat-templates 8.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 10.6.0

This issue was fixed in the openstack/tripleo-heat-templates 10.6.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.