Juniper Openstack

3.1 Contrail analytics utilities (contrail-stats, contrail-logs, contrail-flows) should take the username password from a user specified config file.

Bug #1658821 reported by vivekananda shenoy
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.1
Fix Committed
Medium
Zhiqiang Cui
Juniper Openstack r3.1.3.0
R3.2
Fix Committed
Medium
Zhiqiang Cui
Juniper Openstack r3.2.1.0
Trunk
Fix Committed
Medium
Zhiqiang Cui
Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

Hi Megh,

As discussed last Friday.

Regards,
Vivek

Tags: analytics nttc
Raj Reddy (rajreddy)
Changed in juniperopenstack:
assignee: Megh Bhatt (meghb) → Zhiqiang Cui (zcui)
importance: Undecided → Medium
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/28647
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
Takeshi Matsuda (matsuda-2357) wrote :

Is there any reason why you don't set default conf file?
Is /etc/contrail/contrail-keystone-auth.conf bad?

Revision history for this message
Zhiqiang Cui (zcui) wrote :

Hi~ Takeshi:

From discuss, our customer want set conf file by themselves, if not set, we use default admin/admin-password or according to user's --admin/--admin-password.

If we set default to /etc/contrail/contrail-keystone-auth.conf. We will not identify user's aim when they input --admin/--admin-password since we think input conf-file is high priority than others.

Revision history for this message
Zhiqiang Cui (zcui) wrote :

Hi~ Takeshi:

More explanation, we permit user input --admin/--admin-password/--conf-file at same time. To this scenario, we think --conf-file as highest priority. If we set --conf-file default to /etc/contrail/contrail-keystone-auth.conf, we code flow, can't identify this conf-file is input by user or default path. That means user input --admin-password only, we will read default conf-file too. That means a new bug is imported ---- --admin-password does not work.

Hope this explanation can be clear.

Thank you very very much.
Zhiqiang.

Revision history for this message
Takeshi Matsuda (matsuda-2357) wrote :

Hi Zhiqiang,

Thank you for your explanation.
What customer want are:
- to use these utilities as they use in R2.21.x (from the view point of convenience)
    -> Reading from /etc/contrail/contrail-keystone-auth.conf by default is customer's suggestion.
- not to exposure the credential on the terminal (from the view point of security)

I think that the default values of "--admin" and "--admin-password" (admin/contrail123) are worthless because no customer should use this credential.
So, how do you think about the following idea?

(1) giving the highest priority to --admin/--admin-password only when they are specified in the command line.
(2) if --admin/--admin-password are not specified and --conf-file is specified, read the file specified by --conf-file.
(3) if any of --admin/--admin-password/--conf-file are not specified, read the default conf file.
(4) if any options are not specified and the credential cannot be read from the default conf file, try without credential(authentication should fail).

Regards,
Takeshi Matsuda

Revision history for this message
Zhiqiang Cui (zcui) wrote :

Hi~ Takeshi:

Thanks a lot. I can try to do this.

Zhiqiang.

Revision history for this message
Zhiqiang Cui (zcui) wrote :

Hi~ Takeshi:

I have upload the latest version according to your requirement. Please check.
And I do not know why I can't add you to reviewer list.

Thanks a lot.

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/28647
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/28919
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/28647
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/28647
Committed: http://github.org/Juniper/contrail-controller/commit/803d6f8b93caa5ef5db877cf601bde04e755ef3d
Submitter: Zuul (<email address hidden>)
Branch: R3.1

commit 803d6f8b93caa5ef5db877cf601bde04e755ef3d
Author: zcui <email address hidden>
Date: Thu Feb 9 10:10:59 2017 -0800

Requirement: add admin_user/admin_password conf file

Description:
Customer require a way to read admin/admin password from given path/file
--admin-user and --admin-password command is not secret since it would be displayed.The expected change to contrail-logs, contrail-stats, contrail-flow.
Solution:
Add a new command --admin-conf-file and follow these rules:
(1) giving the highest priority to --admin/--admin-password only when they are specified in the command line.
(2) if --admin/--admin-password are not specified and --conf-file is specified, read the file specified by --conf-file.
(3) if any of --admin/--admin-password/--conf-file are not specified, read the default conf file.
(4) if any options are not specified and the credential cannot be read from the default conf file, use default user and password.

Closes-Bug: 1658821
Change-Id: If9d7c2640fafd085395e950e69825eaedeb49347

Sundaresan Rajangam (srajanga)
information type: Proprietary → Public
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/28995
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/29110
Submitter: Zhiqiang Cui (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/28995
Committed: http://github.org/Juniper/contrail-controller/commit/599749a8573dea64a67320c91e25d4f5c1d51dad
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 599749a8573dea64a67320c91e25d4f5c1d51dad
Author: zcui <email address hidden>
Date: Tue Feb 21 14:33:24 2017 -0800

Requirement: add admin_user/admin_password conf file

Description:
Customer require a way to read admin/admin password from given path/file
--admin-user and --admin-password command is not secret since it would be displayed.The expected change to contrail-logs, contrail-stats, contrail-flow.
Solution:
Add a new command --admin-conf-file and follow these rules:
(1) giving the highest priority to --admin/--admin-password only when they are specified in the command line.
(2) if --admin/--admin-password are not specified and --conf-file is specified, read the file specified by --conf-file.
(3) if any of --admin/--admin-password/--conf-file are not specified, read the default conf file.
(4) if any options are not specified and the credential cannot be read from the default conf file, use default user and password.

Change-Id: I7f7da2108cdf3b1382c0835fd7d52851d606445a
Closes-Bug: 1658821

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/29110
Committed: http://github.org/Juniper/contrail-controller/commit/a07d54afbc3ab369e39676f861b4c40cc351cef7
Submitter: Zuul (<email address hidden>)
Branch: master

commit a07d54afbc3ab369e39676f861b4c40cc351cef7
Author: zcui <email address hidden>
Date: Tue Feb 21 14:33:24 2017 -0800

Requirement: add admin_user/admin_password conf file

Description:
Customer require a way to read admin/admin password from given path/file
--admin-user and --admin-password command is not secret since it would be displayed.The expected change to contrail-logs, contrail-stats, contrail-flow.
Solution:
Add a new command --admin-conf-file and follow these rules:
(1) giving the highest priority to --admin/--admin-password only when they are specified in the command line.
(2) if --admin/--admin-password are not specified and --conf-file is specified, read the file specified by --conf-file.
(3) if any of --admin/--admin-password/--conf-file are not specified, read the default conf file.
(4) if any options are not specified and the credential cannot be read from the default conf file, use default user and password.

Closes-Bug: 1658821

Conflicts:
 src/opserver/log.py

Change-Id: I7b4fbc0dd5f06fe6b740d6f3251839f26116627d

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.