Browse code
Merge "fixed_key: By default use a hardcoded fixed_key across devstack envs"
Zuul authored on 2018/03/09 17:37:35Showing 1 changed files
| ... | ... |
@@ -1259,16 +1259,17 @@ if is_service_enabled g-reg; then |
| 1259 | 1259 |
done |
| 1260 | 1260 |
fi |
| 1261 | 1261 |
|
| 1262 |
-# Create a randomized default value for the key manager's fixed_key |
|
| 1263 |
-# NOTE(lyarwood): This is currently set to 36 as a workaround to the following |
|
| 1264 |
-# libvirt bug that incorrectly pads passphrases that are a multiple of 16 bytes |
|
| 1265 |
-# in length. |
|
| 1266 |
-# Unable to use LUKS passphrase that is exactly 16 bytes long |
|
| 1267 |
-# https://bugzilla.redhat.com/show_bug.cgi?id=1447297 |
|
| 1262 |
+# NOTE(lyarwood): By default use a single hardcoded fixed_key across devstack |
|
| 1263 |
+# deployments. This ensures the keys match across nova and cinder across all |
|
| 1264 |
+# hosts. |
|
| 1265 |
+FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec}
|
|
| 1268 | 1266 |
if is_service_enabled nova; then |
| 1269 |
- key=$(generate_hex_string 36) |
|
| 1270 |
- iniset $NOVA_CONF key_manager fixed_key "$key" |
|
| 1271 |
- iniset $NOVA_CPU_CONF key_manager fixed_key "$key" |
|
| 1267 |
+ iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1268 |
+ iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1269 |
+fi |
|
| 1270 |
+ |
|
| 1271 |
+if is_service_enabled cinder; then |
|
| 1272 |
+ iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1272 | 1273 |
fi |
| 1273 | 1274 |
|
| 1274 | 1275 |
# Launch the nova-api and wait for it to answer before continuing |