Description of problem: undercloud.conf.sample states: # Heat db encryption key(must be 8,16 or 32 characters. If left unset, # one will be automatically generated. (string value) #undercloud_heat_encryption_key = <None> If the key is set to an 8 character string, then "openstack undercloud install" fails with: ERROR: openstack ('%s failed. See log for details.', 'os-refresh-config') If you then run "sudo os-refresh-config", it fails with the following error: Error: 8 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long. at /etc/puppet/modules/heat/manifests/engine.pp:106 on node undercloud.local.dev The undercloud.sample.conf file needs to be updated to state that the undercloud_heat_encryption_key must be 16, 24, or 32 characters long. Version-Release number of selected component (if applicable): How reproducible: In undercloud.conf, set undercloud_heat_encryption_key to an 8 character string, then do an undercloud deployment. Steps to Reproduce: 1. Edit undercloud.conf and set undercloud_heat_encryption_key to an 8 character string 2. Run "openstack undercloud install" Actual results: Installation fails with: ERROR: openstack ('%s failed. See log for details.', 'os-refresh-config') Expected results: Comments in undercloud.conf.sample should state that the key must be 16, 24, or 32 bits. Additional info:
upstream bug @ https://bugs.launchpad.net/heat/+bug/1415887 heat fix https://review.openstack.org/#/c/168779/ puppet-heat fix https://review.openstack.org/#/c/178478/ so clearly Chris Dearborn isn't lying. Fixup for the comment in the sample.conf file is at https://review.gerrithub.io/#/c/242215/
Nope, not lying. Just too lazy to type 16 characters instead of 8. It's twice as much work! ;-)
*** Bug 1250926 has been marked as a duplicate of this bug. ***
[stack@instack ~]$ rpm -qa | grep instack-undercloud instack-undercloud-2.1.2-25.el7ost.noarch [stack@instack ~]$ grep -A2 'Heat db encryption key' undercloud.conf # Heat db encryption key(must be 16, 24, or 32 characters. If left # unset, one will be automatically generated. (string value) #undercloud_heat_encryption_key = <None>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1862