yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #80448
[Bug 1708505] Re: create encrypted volume fails
Reviewed: https://review.opendev.org/689871
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=85a1dddf126691921924edcecaee5c054c7df6c2
Submitter: Zuul
Branch: master
commit 85a1dddf126691921924edcecaee5c054c7df6c2
Author: Keith Berger <kberger@xxxxxxxx>
Date: Mon Oct 21 16:20:51 2019 -0400
Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
When using aes-xts-plain64, a 512 bit key produces an error as this
is not a supported barbican key length for aes-xts-plain64. This patch
updates the horzion admin doc to remove the reference of a 512 bit key.
Change-Id: Ie36e05a1e59eb88b779c9f3249a714c20b5f5fe0
Closes-Bug: #1708505
Closes-Bug: #1849196
** Changed in: horizon
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1708505
Title:
create encrypted volume fails
Status in Cinder:
Opinion
Status in OpenStack Dashboard (Horizon):
Fix Released
Bug description:
stack with current devstack as of 8/3/2017 (Pike)
enable barbican in local.conf
[[local|localrc]]
enable_plugin barbican https://git.openstack.org/openstack/barbican
once devstack finishes and services are up you can see /etc/cinder/cinder.conf
...
[key_manager]
api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
from cmdln
master-vm vagrant master ~ devstack cinder list
cinder type+----+--------+------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+----+--------+------+------+-------------+----------+-------------+
+----+--------+------+------+-------------+----------+-------------+
- master-vm vagrant master ~ devstack cinder type-list
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 0be4eb35-7835-4a3b-89f8-fc71e9c303a2 | lvm | - | True |
| ba936fd6-d01a-40f9-82fc-933b9bd9da75 | nfs | - | True |
+--------------------------------------+------+-------------+-----------+
master-vm vagrant master ~ devstack cinder type-create LUKS
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| d1e9a6bc-c2bf-4d57-b1c7-0b6440833606 | LUKS | - | True |
+--------------------------------------+------+-------------+-----------+
master-vm vagrant master ~ devstack cinder type-key LUKS set volume_backend_name=lvm
master-vm vagrant master ~ devstack cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
--control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID | Provider | Cipher | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| d1e9a6bc-c2bf-4d57-b1c7-0b6440833606 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
master-vm vagrant master ~ devstack
master-vm vagrant master ~ devstack cinder create --volume-type LUKS --name test 1
ERROR: Key manager error (HTTP 400) (Request-ID: req-b49e8300-5076-4c62-9831-9dbfec61e2ee)
cinder-api.log
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR castellan.key_manager.barbican_key_manager [None req-b49e8300-5076-4c62-9831-9dbfec61e2ee admin admin] Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume [None req-b49e8300-5076-4c62-9831-9dbfec61e2ee admin admin] Key manager error: KeyManagerError: Key manager error: Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume Traceback (most recent call last):
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume File "/opt/stack/cinder/cinder/volume/flows/api/create_volume.py", line 400, in _get_encryption_key_id
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume length=length)
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume File "/usr/local/lib/python2.7/dist-packages/castellan/key_manager/barbican_key_manager.py", line 229, in create_key
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume order = self._get_active_order(barbican_client, order_ref)
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume File "/usr/local/lib/python2.7/dist-packages/castellan/key_manager/barbican_key_manager.py", line 388, in _get_active_order
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume raise exception.KeyManagerError(reason=msg)
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume KeyManagerError: Key manager error: Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm devstack@c-api.service[13448]: ERROR cinder.volume.flows.api.create_volume
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1708505/+subscriptions
