Fuel for OpenStack

Root password for masternode set in Fuelmenu is not applied as root password for other nodes (which deployed from Fuel masternode)

Bug #1537496 reported by Ilya Popov on 2016-01-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	High	Nikita Zubkov	Fuel for OpenStack 9.0
	8.0.x	Won't Fix	High	Fuel Python (Deprecated)	Fuel for OpenStack 8.0

Bug Description

MOS 7.0

How it works now:

When password is set In fuelmenu in "Root pasword" menu item - it affects only root password for masternode. All other nodes, deployed from fuel masternode, have default root pasword

How it should work:

All nodes, deployed from fuel masternode should have new password, which was set in n fuelmenu in "Root pasword" menu item. Default password shouldn't been used.

Tags:

Revision history for this message

Ilya Popov (ilya-p) wrote on 2016-01-24:

Documentation tells the same:

Root password

Here you may set new root password for your master node. This password serves as the default root password for all future OpenStack nodes.

https://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#changing-pxe-network-parameters-during-installation

Ivan Ponomarev (ivanzipfer) on 2016-01-25

Changed in fuel:
importance:	Undecided → High
status:	New → Confirmed

Revision history for this message

Ivan Ponomarev (ivanzipfer) wrote on 2016-01-25:

Could you please provide step to reproduce( configuration, of your cluster)

Changed in fuel:
assignee:	nobody → Fuel Python Team (fuel-python)
tags:	added: area-python
Changed in fuel:
status:	Confirmed → Incomplete

slava valyavskiy (slava-val-al) on 2016-01-25

tags:	added: feature
Changed in fuel:
milestone:	none → 9.0
tags:	added: tricky

Revision history for this message

Ilya Popov (ilya-p) wrote on 2016-01-25:

Hello !

I have 1 masternode with Fuel and 3 ordinary nodes created on VM (qemu/kvm)

1. I installed masternode from iso MOS 7.0 image and set root password in fuel menu
2. I deployed cloud on 3 nodes (one conntroller, one storage and one compute) using Fuel web UI from masternode
3. I opened console on masternode and was able to login to shell using only root pasword I set on step 1 - it is correct.
4. I opened console on compute node and was able to login to shell using only DEFAULT root pasword r00tme - it is incorrect

Revision history for this message

slava valyavskiy (slava-val-al) wrote on 2016-01-25:

yep, Ilya is right. It looks like our tech debt to me. Implementation will require changes in fuel-web & fuel-library components, so, I would propose to fix this issue in documentation for 8.0 release, but, of course, It should be fixed in 9.0 release.

tags:	added: release-notes
Changed in fuel:
status:	Incomplete → Confirmed

Revision history for this message

Michele Fagan (michelefagan) wrote on 2016-01-25:

*tags*: added: area-docs

tags:

added: area-docs

Nikita Zubkov (zubchick) on 2016-02-03

Changed in fuel:
assignee:	Fuel Python Team (fuel-python) → Nikita Zubkov (zubchick)

Nikita Zubkov (zubchick) on 2016-02-05

Changed in fuel:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-05: Fix proposed to fuel-menu (master)

Fix proposed to branch: master
Review: https://review.openstack.org/276700

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2016-02-05:

I don't think we should write a plain password to files. It's really a serious risk. If anything, we should save a hashed version of it.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-08: Fix proposed to fuel-agent (master)

Fix proposed to branch: master
Review: https://review.openstack.org/277353

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-15: Fix merged to fuel-menu (master)

Reviewed: https://review.openstack.org/276700
Committed: https://git.openstack.org/cgit/openstack/fuel-menu/commit/?id=a179d0e03eac35ea1ece158b457e96c6a7ac5d63
Submitter: Jenkins
Branch: master

commit a179d0e03eac35ea1ece158b457e96c6a7ac5d63
Author: Nikita Zubkov <email address hidden>
Date: Fri Feb 5 14:43:44 2016 +0300

Save root password to settings file

    This patch fixes save method of rootpw module to make possible to change
    root password not only on master node but on slaves. Save method puts
    hashed version of root password into the BOOTSTRAP section of the
    settings file.

Change-Id: I2092bfca78fb721a8df3c8c6e4e6fd18e64ba353
Partial-Bug: #1537496

Olga Gusarenko (ogusarenko) on 2016-02-25

tags:

added: 8.0 release-notes-done
removed: release-notes

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-22: Fix merged to fuel-agent (master)

#10

Reviewed: https://review.openstack.org/277353
Committed: https://git.openstack.org/cgit/openstack/fuel-agent/commit/?id=dcdd64a95245cdde57f1bd1e0a83720e6bf1f56a
Submitter: Jenkins
Branch: master

commit dcdd64a95245cdde57f1bd1e0a83720e6bf1f56a
Author: Nikita Zubkov <email address hidden>
Date: Mon Feb 8 14:47:06 2016 +0300

Get root password for build image from settings

Image building process reads from settings hashed version of root
password and apply it instead of default.

    Change-Id: Ibb614ddd1973c8fae25dae8217d207ffc92f1b15
    Partial-Bug: #1537496
    Depends-On: I2092bfca78fb721a8df3c8c6e4e6fd18e64ba353

Nikita Zubkov (zubchick) on 2016-03-29

Changed in fuel:
status:	In Progress → Fix Committed

Michele Fagan (michelefagan) on 2016-05-12

Changed in fuel:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.