Adds default value for fixed_key

Adds a default value for fixed_key, for use by a key manager
implementation that reads the key from the configuration settings.
This single, fixed key proffers no protection if the key is
compromised.  The current implementation of the key manager does
not work correctly if the key is not set, so including this option
is helpful for Tempest testing and volume encryption within
DevStack.

Implements: blueprint encrypt-cinder-volumes
Change-Id: Id83060afc862c793b79b5429355b213cb4c173fd
https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
Kaitlin Farr 2014-01-06 08:52:49 -05:00
parent 0150d7eb2a
commit def4c141f1


@ -1098,6 +1098,15 @@ if is_service_enabled key && is_service_enabled swift3 && is_service_enabled nov
iniset $NOVA_CONF DEFAULT s3_affix_tenant "True" iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"
fi fi
# Create a randomized default value for the keymgr's fixed_key
if is_service_enabled nova; then
FIXED_KEY=""
for i in $(seq 1 64);
do FIXED_KEY+=$(echo "obase=16; $(($RANDOM % 16))" | bc);
done;
iniset $NOVA_CONF keymgr fixed_key "$FIXED_KEY"
fi
if is_service_enabled zeromq; then if is_service_enabled zeromq; then
echo_summary "Starting zermomq receiver" echo_summary "Starting zermomq receiver"
screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver" screen_it zeromq "cd $NOVA_DIR && $NOVA_BIN_DIR/nova-rpc-zmq-receiver"
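Review bot: The key built in the added `for` loop is drawn from `$RANDOM`, bash's small non-cryptographic pseudo-random generator, so the 64 hex digits written to `fixed_key` carry far less than 256 bits of unpredictability. Because this value is used as the volume-encryption key, it should come from the kernel CSPRNG instead, e.g. `FIXED_KEY=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')`, which also avoids forking `bc` 64 times. That form emits lower-case hex where the loop produced upper-case; this is presumably harmless for a hex key, but confirm it against the key manager's parser. The block also appears to overwrite `fixed_key` on every run, so if that is the case a comment such as `# NOTE: regenerated on each run; volumes encrypted under an earlier key will not be readable` would help the next reader.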