From def4c141f1d917705ac1dbdbfe7525f47382dada Mon Sep 17 00:00:00 2001
From: Kaitlin Farr
Date: Mon, 6 Jan 2014 08:52:49 -0500
Subject: [PATCH] Adds default value for fixed_key

Adds a default value for fixed_key, for use by a key manager implementation that reads the key from the configuration settings. This single, fixed key proffers no protection if the key is compromised. The current implementation of the key manager does not work correctly if the key is not set, so including this option is helpful for Tempest testing and volume encryption within DevStack.

Implements: blueprint encrypt-cinder-volumes
Change-Id: Id83060afc862c793b79b5429355b213cb4c173fd
https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
---
 stack.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/stack.sh b/stack.sh
index 2438f9fffc..558f71a3a4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1098,6 +1098,15 @@ if is_service_enabled key && is_service_enabled swift3 && is_service_enabled nov
 iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"
 fi
 
+# Create a randomized default value for the keymgr's fixed_key
+if is_service_enabled nova; then
+ FIXED_KEY=""
+ for i in $(seq 1 64);
+ do FIXED_KEY+=$(echo "obase=16; $(($RANDOM % 16))" | bc);
+ done;
+ iniset $NOVA_CONF keymgr fixed_key "$FIXED_KEY"
+fi
+
 if is_service_enabled zeromq; then
 echo_summary "Starting zermomq receiver"
 screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver"
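Review bot: The added loop builds `FIXED_KEY` from bash's `$RANDOM`, a small-state pseudo-random generator that is not meant for key material, so the 64 hex digits written to `keymgr fixed_key` carry far less entropy than their length suggests. Reading the bytes from the kernel CSPRNG fixes that and also removes the 64 `bc` forks: `FIXED_KEY=$(hexdump -n 32 -v -e '/1 "%02x"' /dev/urandom)`. The block also appears to run on every `stack.sh` invocation, so a key that already exists would be replaced and any volume encrypted under it could no longer be opened. If that is not intended, set the value only when `fixed_key` is not already present in `$NOVA_CONF`. A short comment above the block stating that this key is for DevStack/Tempest testing only would keep the generated value from being copied into a real deployment.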