b648edfe40
Image changes: * base image ubuntu:18.04 * MAAS version 2.8.6-8602-g.07cdffcaa-0ubuntu1~18.04.1 from ppa/2.8 * default contents of /var/lib/maas are archived in /opt/maas * updated patches: - 2.3_bios_grub_partition.patch, changed in maas [0] - 2.3_partitiontable_does_not_exist.patch, changed in maas [1] [2] - 2.3_secure_headers.patch, updated for twisted 17.9.0 [3] * removed patches: - 2.3_bios_grub_preseed.patch, changed in maas, now N/A [0] - 2.3_hostheader.patch, fixed in maas [4] - 2.3_maas_enlist.patch, fixed in maas [5] - 2.3_mac_address.patch, fixed in maas [6] * new patches: - 2.8_maas_ipmi_autodetect_tool.patch, enlistment reliability * reformatted patches due to blackening change [1]: - 2.3_configure_ipmi_user.patch - 2.3_ipmi_error.patch - 2.3_kernel_package.patch, custom req to specify kernel package - 2.3_nic_filter.patch, custom req to ignore cali* interfaces - 2.3_region_secret_rotate.patch - 2.3_route.patch Chart changes: * maas-region podport is 5240 * maas config option http_boot is no longer configurable [7] * start script restores some default files into /var/lib/maas * register-rack-controller script removes old files in /etc/maas * enlist userdata now matches commissioning/curtin userdata [8] * force_gpt option is removed [9], as GPT is now the default * update to configure remote_syslog in import resources job [10] * enlist_commissioning is disabled for backwards compatibility [11] 0:d8e234eb091:db30bb39fa2:665feb75753: https://github.com/twisted/twisted/blob/twisted-17.9.0/src/twisted/web/server.py 4:573da697295:d390a1da6a6:34631c2fe57:0e94c26a538:22641cffcc9:97c25a048610:d67c359c7b11:51b9712c20Change-Id: I0685d76cf083ff5aa33c8db552059721289d5c53
22 lines
910 B
Diff
22 lines
910 B
Diff
diff --git a/src/maasserver/security.py b/src/maasserver/security.py
|
|
index f92529265..542970009 100644
|
|
--- a/src/maasserver/security.py
|
|
+++ b/src/maasserver/security.py
|
|
@@ -97,11 +97,11 @@ def get_shared_secret_txn():
|
|
elif secret_in_db == secret_on_fs:
|
|
secret = secret_in_db # or secret_on_fs.
|
|
else:
|
|
- raise AssertionError(
|
|
- "The secret stored in the database does not match the secret "
|
|
- "stored on the filesystem at %s. Please investigate."
|
|
- % get_shared_secret_filesystem_path()
|
|
- )
|
|
+ # (nk613n): When we rotate secrets we only update the filesystem
|
|
+ # so if the secrets don't match we will default to the FS
|
|
+ # secret and set it in the database (set_config function)
|
|
+ secret = secret_on_fs
|
|
+ Config.objects.set_config("rpc_shared_secret", to_hex(secret))
|
|
|
|
return secret
|
|
|