Bug 1236707 - undercloud.conf.sample incorrectly states that heat db encryption key can be 8,16, or 32 chars
Summary: undercloud.conf.sample incorrectly states that heat db encryption key can be ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: instack-undercloud
Version: Director
Hardware: Unspecified
OS: Linux
high
medium
Target Milestone: y1
: 7.0 (Kilo)
Assignee: James Slagle
QA Contact: Marius Cornea
URL:
Whiteboard:
: 1250926 (view as bug list)
Depends On:
Blocks: 1238779
TreeView+ depends on / blocked
 
Reported: 2015-06-29 18:48 UTC by Chris Dearborn
Modified: 2015-10-08 12:10 UTC (History)
19 users (show)

Fixed In Version: instack-undercloud-2.1.2-24.el7ost
Doc Type: Bug Fix
Doc Text:
undercloud_heat_encryption_key was incorrectly documented in undercloud.conf.sample as accepting values of size 8, 16, or 32 characters. Only values of size 16, 24, or 32 characters are actually accepted. If a value that had the non-accepted size was used, the Undercloud configuration script would fail with an error similar to: Error: 8 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long. at /etc/puppet/modules/heat/manifests/engine.pp:106 on node undercloud.local.dev This fix updates the undercloud.conf.sample with the correct documentation to indicate the accepted sizes of this parameter.
Clone Of:
Environment:
Last Closed: 2015-10-08 12:10:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gerrithub.io 242215 0 None None None Never
Red Hat Product Errata RHSA-2015:1862 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update 2015-10-08 16:05:50 UTC

Description Chris Dearborn 2015-06-29 18:48:30 UTC 
Description of problem:
undercloud.conf.sample states:

# Heat db encryption key(must be 8,16 or 32 characters. If left unset,
# one will be automatically generated. (string value)
#undercloud_heat_encryption_key = <None>

If the key is set to an 8 character string, then "openstack undercloud install" fails with:
ERROR: openstack ('%s failed. See log for details.', 'os-refresh-config')

If you then run "sudo os-refresh-config", it fails with the following error:
Error: 8 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long. at /etc/puppet/modules/heat/manifests/engine.pp:106 on node undercloud.local.dev

The undercloud.sample.conf file needs to be updated to state that the undercloud_heat_encryption_key must be 16, 24, or 32 characters long.


Version-Release number of selected component (if applicable):


How reproducible:
In undercloud.conf, set undercloud_heat_encryption_key to an 8 character string, then do an undercloud deployment.

Steps to Reproduce:
1. Edit undercloud.conf and set undercloud_heat_encryption_key to an 8 character string
2. Run "openstack undercloud install"

Actual results:
Installation fails with:
ERROR: openstack ('%s failed. See log for details.', 'os-refresh-config')

Expected results:
Comments in undercloud.conf.sample should state that the key must be 16, 24, or 32 bits.

Additional info:
Comment 6 Marios Andreou 2015-08-05 08:13:03 UTC 
upstream bug @ https://bugs.launchpad.net/heat/+bug/1415887
heat fix https://review.openstack.org/#/c/168779/
puppet-heat fix https://review.openstack.org/#/c/178478/

so clearly Chris Dearborn isn't lying. Fixup for the comment in the sample.conf file is at https://review.gerrithub.io/#/c/242215/
Comment 7 Chris Dearborn 2015-08-05 13:04:40 UTC 
Nope, not lying.  Just too lazy to type 16 characters instead of 8.  It's twice as much work!  ;-)
Comment 8 Dariusz Smigiel 2015-08-06 10:49:10 UTC 
*** Bug 1250926 has been marked as a duplicate of this bug. ***
Comment 10 Marius Cornea 2015-09-14 17:21:47 UTC 
[stack@instack ~]$ rpm -qa | grep  instack-undercloud
instack-undercloud-2.1.2-25.el7ost.noarch
[stack@instack ~]$ grep -A2 'Heat db encryption key' undercloud.conf 
# Heat db encryption key(must be 16, 24, or 32 characters. If left
# unset, one will be automatically generated. (string value)
#undercloud_heat_encryption_key = <None>
Comment 12 errata-xmlrpc 2015-10-08 12:10:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1862
Note You need to log in before you can comment on or make changes to this bug.