Fuel for OpenStack

Murano has hardcoded keystone user 'admin'

Bug #1261457 reported by Dmitry Ilyin on 2013-12-16

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	Critical	Dmitry Teselkin	Fuel for OpenStack 4.0

Bug Description

Murano uses 'admin' as their user to access keystone.
If this user changes password Murano will stop to function because they will not be able to authorize.

We should create personal users with random passwords for both services and give these uses sufficent access.

See original description

Tags:

Vladimir Kuklin (vkuklin) on 2013-12-16

Changed in fuel:
assignee:	nobody → Timur Nurlygayanov (tnurlygayanov)
importance:	Low → High
milestone:	4.1 → 4.0
summary:	- Murano and Savanna have hardcoded keystone user 'admin' + Murano has hardcoded keystone user 'admin'
description:	updated

Timur Nurlygayanov (tnurlygayanov) on 2013-12-16

tags:

added: murano

Vladimir Kuklin (vkuklin) on 2013-12-16

Changed in fuel:
importance:	High → Critical

Timur Nurlygayanov (tnurlygayanov) on 2013-12-16

Changed in fuel:
assignee:	Timur Nurlygayanov (tnurlygayanov) → nobody
assignee:	nobody → Dmitry Teselkin (teselkin-d)

Timur Nurlygayanov (tnurlygayanov) on 2013-12-17

Changed in fuel:
status:	New → In Progress

Revision history for this message

Igor Marnat (imarnat) wrote on 2013-12-17:

#1

This bug doesn't block QA process/release process. I'd decrease importance from Critical to High.

Revision history for this message

Dmitry Ilyin (idv1985) wrote on 2013-12-17:

#2

This should be done in Puppet manifests and Heat can be used as example. It creates its own user 'heat' and uses it for keystone access.

Changed in fuel:
assignee:	Dmitry Teselkin (teselkin-d) → Dmitry Ilyin (idv1985)

Revision history for this message

Dmitry Ilyin (idv1985) wrote on 2013-12-17:

#3

There are also plans to implement getting Murano's api and metadata URLs from Keystone endpoints.
Adding required records and creating special users could be done together.

Revision history for this message

Dmitry Ilyin (idv1985) wrote on 2013-12-17:

#4

There is also a lot of refactoring in Murano's Puppet module, some fuctions have been moved to package post-install scripts and we have added syslog support to Murano services.

Perhaps it would be better to postpone all these changes untill 4.1 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-17: Fix proposed to fuel-library (master)

#5

Fix proposed to branch: master
Review: https://review.openstack.org/62704

Changed in fuel:
assignee:	Dmitry Ilyin (idv1985) → Dmitry Teselkin (teselkin-d)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-17: Fix merged to fuel-library (master)

#6

Reviewed: https://review.openstack.org/62704
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=ebdf51405a73f982c9449806671fdab2e8d9f4c6
Submitter: Jenkins
Branch: master

commit ebdf51405a73f982c9449806671fdab2e8d9f4c6
Author: Dmitry Teselkin <email address hidden>
Date: Tue Dec 17 20:24:13 2013 +0400

Custom OpenStack credentials for murano servies.

Closes-bug: 1261457

Change-Id: I8218ead7c6280b4a5808ab3d33463f857038ea16

Changed in fuel:
status:	In Progress → Fix Committed

Dmitry Pyzhov (dpyzhov) on 2014-01-16

Changed in fuel:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.