This change mimics how fixed_key would actually be deployed in a real-world
environment, with a single key shared by Nova and Cinder
across all hosts.
Change-Id: I50a48e2da57a1cc1ecd250150ea6e9c3745baaca
| ... | ... |
@@ -1241,16 +1241,17 @@ if is_service_enabled g-reg; then |
| 1241 | 1241 |
done |
| 1242 | 1242 |
fi |
| 1243 | 1243 |
|
| 1244 |
-# Create a randomized default value for the key manager's fixed_key |
|
| 1245 |
-# NOTE(lyarwood): This is currently set to 36 as a workaround to the following |
|
| 1246 |
-# libvirt bug that incorrectly pads passphrases that are a multiple of 16 bytes |
|
| 1247 |
-# in length. |
|
| 1248 |
-# Unable to use LUKS passphrase that is exactly 16 bytes long |
|
| 1249 |
-# https://bugzilla.redhat.com/show_bug.cgi?id=1447297 |
|
| 1244 |
+# NOTE(lyarwood): By default use a single hardcoded fixed_key across devstack |
|
| 1245 |
+# deployments. This ensures the keys match across nova and cinder across all |
|
| 1246 |
+# hosts. |
|
| 1247 |
+FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec}
|
|
| 1250 | 1248 |
if is_service_enabled nova; then |
| 1251 |
- key=$(generate_hex_string 36) |
|
| 1252 |
- iniset $NOVA_CONF key_manager fixed_key "$key" |
|
| 1253 |
- iniset $NOVA_CPU_CONF key_manager fixed_key "$key" |
|
| 1249 |
+ iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1250 |
+ iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1251 |
+fi |
|
| 1252 |
+ |
|
| 1253 |
+if is_service_enabled cinder; then |
|
| 1254 |
+ iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY" |
|
| 1254 | 1255 |
fi |
| 1255 | 1256 |
|
| 1256 | 1257 |
# Launch the nova-api and wait for it to answer before continuing |
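Review bot: The new `FIXED_KEY` default is a literal key published in the repository, so every deployment that does not override it gives Nova and Cinder the same publicly known `fixed_key`. The comment above the assignment should say so, e.g. `# This default is public and only suitable for test environments; override FIXED_KEY for anything else.` The removed comment also recorded why the key was 36 bytes long (the libvirt bug with passphrases that are a multiple of 16 bytes). The new default appears to keep that length, but anyone supplying their own `FIXED_KEY` no longer sees the reason, so a line such as `# Avoid key lengths that are a multiple of 16 bytes, see https://bugzilla.redhat.com/show_bug.cgi?id=1447297` would preserve it. The surrounding script continues outside this hunk.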