Skip cryptsetup password quality checking

LUKS password quality checking is not useful since we only use long hex strings for passwords. Not skipping this means that we have to install cracklib-dicts for cryptsetup to work, which is unnecessary weight. Closes-Bug: #1861120 Change-Id: I1105c16caaf916e9101b6dca34a7f13936ce2240 (cherry picked from commit 7c3621311a)
2020-01-28 09:14:36 -05:00 · 2020-01-28 09:14:36 -05:00 · 32bb449730
parent 41c20b1585
commit 32bb449730
2 changed files with 3 additions and 0 deletions
--- a/cinder/tests/unit/volume/test_volume.py
+++ b/cinder/tests/unit/volume/test_volume.py
@ -1679,6 +1679,7 @@ class VolumeTestCase(base.BaseVolumeTestCase):
                mock_execute.assert_called_once_with(
                    'cryptsetup', 'luksChangeKey',
                    '/some/device/thing',
+                    '--force-password',
                    log_errors=processutils.LOG_ALL_ERRORS,
                    process_input='qwert\nasdfg\n',
                    run_as_root=True)
--- a/cinder/volume/flows/manager/create_volume.py
+++ b/cinder/volume/flows/manager/create_volume.py
@ -559,6 +559,7 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
                    'cryptsetup',
                    'luksChangeKey',
                    attach_info['device']['path'],
+                    '--force-password',
                    run_as_root=True,
                    process_input=key_str,
                    log_errors=processutils.LOG_ALL_ERRORS)
@ -583,6 +584,7 @@ class CreateVolumeFromSpecTask(flow_utils.CinderTask):
                    'cryptsetup',
                    '--batch-mode',
                    'luksFormat',
+                    '--force-password',
                    '--type', encryption['provider'],
                    '--cipher', encryption['cipher'],
                    '--key-size', str(encryption['key_size']),