From da6de10f5dda20fc023a8215b13b873a068b6a37 Mon Sep 17 00:00:00 2001 From: Lee Yarwood Date: Mon, 22 Jan 2018 11:42:01 +0000 Subject: [PATCH] fixed_key: By default use a hardcoded fixed_key across devstack envs This change mimics how fixed_key would actually be deployed in a real world environment, with a single key shared across Nova and Cinder across all hosts. Change-Id: I50a48e2da57a1cc1ecd250150ea6e9c3745baaca --- stack.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/stack.sh b/stack.sh index 32eb43f292..f72347557a 100755 --- a/stack.sh +++ b/stack.sh @@ -1241,16 +1241,17 @@ if is_service_enabled g-reg; then done fi -# Create a randomized default value for the key manager's fixed_key -# NOTE(lyarwood): This is currently set to 36 as a workaround to the following -# libvirt bug that incorrectly pads passphrases that are a multiple of 16 bytes -# in length. -# Unable to use LUKS passphrase that is exactly 16 bytes long -# https://bugzilla.redhat.com/show_bug.cgi?id=1447297 +# NOTE(lyarwood): By default use a single hardcoded fixed_key across devstack +# deployments. This ensures the keys match across nova and cinder across all +# hosts. +FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec} if is_service_enabled nova; then - key=$(generate_hex_string 36) - iniset $NOVA_CONF key_manager fixed_key "$key" - iniset $NOVA_CPU_CONF key_manager fixed_key "$key" + iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY" + iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY" +fi + +if is_service_enabled cinder; then + iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY" fi # Launch the nova-api and wait for it to answer before continuing