Proposed fix appears to have the desired effect.
** Changed in: vaultlocker
Status: In Progress => Fix Committed
** Description changed:
+ [Impact]
+ decrypt of vaultlocker encrypted block devices blocks the
network-online.target; this means that if vault is hosted on the same hardware
which is using vaultlocker for encryption at rest, the server will fail to boot
fully in the event that all servers are rebooted at the same time.
+
+ [Test Case]
+ Deploy ceph+vaultlocker+vault
+ Power cycle all servers
+ Servers never get to multiuser.target as vaultlocker-decrypt services block
network-online.target so LXD containers never get started.
+
+ [Regression Potential]
+ The proposed fix drops the Before=network-online.target stanza from the
vaultlocker-decrypt systemd unit so minimal impact.
+
+ [Original bug report]
If ceph is using vault secrets to encrypt its volumes and vault is not
available, booting is not possible without manual intervention, as the
ceph-volume and vaultlocker-decrypt services will hang forever.
In case of a full cloud outage, bootstrapping the mysql and vault nodes will
require quite a bit of manual intervention, as all required nodes will have to
be booted in single user mode to bypass the volume decryption services.
Decryption of the ceph volumes should instead timeout, and allow the
rest of the machine to complete the boot sequence.
--
https://bugs.launchpad.net/bugs/1818680
Title:
booting should succeed even if vault is unavailable
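
Added example, not part of the bug report or of vaultlocker's own code: a small model of the ordering described in [Impact], showing which units wait while the decrypt job has not finished, with and without the Before=network-online.target stanza. The unit file names, the LXD and multi-user.target ordering lines, and the assumption that vault runs in an LXD container started by lxd-containers.service are constructed for illustration.

```python
# Added example: models systemd ordering only (Before=/After=), not Wants=/Requires=.
# Unit contents are constructed; only Before=network-online.target is from the report.
DECRYPT = "vaultlocker-decrypt.service"  # assumed unit file name

UNITS_BEFORE_FIX = {
    DECRYPT: "[Unit]\nBefore=network-online.target\n",
    "lxd-containers.service": "[Unit]\nAfter=network-online.target\n",  # assumed
    "multi-user.target": "[Unit]\nAfter=lxd-containers.service\n",      # assumed
}
# The proposed fix: same units, with the Before= stanza dropped.
UNITS_AFTER_FIX = {**UNITS_BEFORE_FIX, DECRYPT: "[Unit]\n"}


def ordering_edges(units):
    """Return (earlier, later) pairs taken from Before=/After= lines."""
    edges = set()
    for name, text in units.items():
        for line in text.splitlines():
            key, _sep, value = line.partition("=")
            for other in value.split():
                if key.strip() == "Before":
                    edges.add((name, other))
                elif key.strip() == "After":
                    edges.add((other, name))
    return edges


def held_up_by(units, stuck):
    """Units that cannot start while the start job of `stuck` has not finished."""
    edges = ordering_edges(units)
    waiting, frontier = set(), [stuck]
    while frontier:
        current = frontier.pop()
        for earlier, later in edges:
            if earlier == current and later not in waiting:
                waiting.add(later)
                frontier.append(later)
    return waiting


def boot_deadlocks(units, stuck, started_by):
    """True if the unit that brings up vault is itself waiting on `stuck`."""
    return started_by in held_up_by(units, stuck)


if __name__ == "__main__":
    for label, units in (("before fix", UNITS_BEFORE_FIX), ("after fix", UNITS_AFTER_FIX)):
        print(label, sorted(held_up_by(units, DECRYPT)),
              boot_deadlocks(units, DECRYPT, "lxd-containers.service"))
```

The model covers ordering only; the timeout asked for in the original report is a separate change and is not modelled here.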