** Changed in: tripleo
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1619758
Title:
Credential Encryption breaks deployments without Fernet
Status in OpenStack Identity (keystone):
Fix Released
Status in tripleo:
Fix Released
Bug description:
A recent change to encrypt credetials broke RDO/Tripleo deployments:
2016-09-02 17:16:55.074 17619 ERROR keystone.common.fernet_utils
[req-31d60075-7e0e-401e-a93f-58297cd5439b f2caffbaf10d4e3da294c6366fe19a36
fd71b607cfa84539bf0440915ea2d94b - default default] Either [fernet_tokens]
key_repository does not exist or Keystone does not have sufficient permission
to access it: /etc/keystone/credential-keys/
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi
[req-31d60075-7e0e-401e-a93f-58297cd5439b f2caffbaf10d4e3da294c6366fe19a36
fd71b607cfa84539bf0440915ea2d94b - default default] MultiFernet requires at
least one Fernet instance
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi Traceback (most
recent call last):
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 225, in
__call__
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi result =
method(req, **params)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 164, in
inner
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi return f(self,
request, *args, **kwargs)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/credential/controllers.py", line 69,
in create_credential
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi ref =
self.credential_api.create_credential(ref['id'], ref)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in
wrapped
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi __ret_val =
__f(*args, **kwargs)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/credential/core.py", line 106, in
create_credential
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi credential_copy
= self._encrypt_credential(credential)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/credential/core.py", line 72, in
_encrypt_credential
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi
json.dumps(credential['blob'])
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/credential/providers/fernet/core.py",
line 68, in encrypt
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi crypto, keys =
get_multi_fernet_keys()
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib/python2.7/site-packages/keystone/credential/providers/fernet/core.py",
line 49, in get_multi_fernet_keys
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi crypto =
fernet.MultiFernet(fernet_keys)
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi File
"/usr/lib64/python2.7/site-packages/cryptography/fernet.py", line 128, in
__init__
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi "MultiFernet
requires at least one Fernet instance"
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi ValueError:
MultiFernet requires at least one Fernet instance
2016-09-02 17:16:55.074 17619 ERROR keystone.common.wsgi
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1619758/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
