Bug 1489514

Summary: Migrate encryption keys from conf key mgr to Barbican
Product: Red Hat OpenStack Reporter: Eric Harney <eharney>
Component: openstack-cinderAssignee: Alan Bishop <abishop>
Status: CLOSED ERRATA QA Contact: Avi Avraham <aavraham>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: abishop, jschluet, pgrist, srevivo
Target Milestone: Upstream M2Keywords: Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-cinder-12.0.0-0.20180227162609.7d27804.el7ost python-castellan-0.17.0-0.20180211160720.8e2929b.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 13:36:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1412823    

Description Eric Harney 2017-09-07 15:16:24 UTC 
Cinder needs to migrate conf key manager keys to Barbican, to handle deployments using volume encryption with conf key manager.
Comment 5 Alan Bishop 2017-12-15 07:59:44 UTC 
Patches upstream have been merged.
Comment 6 Eric Harney 2017-12-18 22:25:26 UTC 
Need to ensure that the Cinder RPM depends on Castellan >= 0.16.0 for this change.
Comment 7 Alan Bishop 2017-12-19 00:18:20 UTC 
(In reply to Eric Harney from comment #6)
> Need to ensure that the Cinder RPM depends on Castellan >= 0.16.0 for this
> change.

Added reference to OpenStack gerrit that addresses this [1].

[1] https://review.openstack.org/528833
Comment 9 Avi Avraham 2018-05-03 11:49:35 UTC 
Verified manually 
RPM package version: 
#docker exec -ti openstack-cinder-volume-docker-0 bash -c "rpm -q openstack-cinder" 
openstack-cinder-12.0.1-0.20180418194613.c476898.el7ost.noarch

The following tests been preformed 

single volume migration
multiple volumes migration 
backups migration
Comment 11 errata-xmlrpc 2018-06-27 13:36:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086