tripleo

Passwords are re-generated when upgrading to a containerized undercloud

Bug #1753063 reported by Emilien Macchi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Emilien Macchi
tripleo rocky-1

Bug Description

Deploying a non-containerized undercloud on Pike, the password (undercloud-passwords.conf) file generated by instack-undercloud is on this format:

[auth]
undercloud_db_password=4bd19271b749b2a2f4937db8a97d59cd827fb099
undercloud_admin_token=3c43e3b3ce6412cbed3a0f4b8fdda75a50b31170
undercloud_admin_password=3624e581ce720c7b62a42694ba9aba07c03b0bb7

Stopping the services, upgrading all rpms to Queens, now we want to deploy a containerized undercloud.
undercloud-passwords.conf is regenerated in another format, and will all new passwords:

[auth]
undercloud_mysql_root_password: rhWtQgvMYjMfeZtD4Ddd7d3vG
undercloud_admin_token: 2tcxmyBVvZfdxJmrQnPQE7vjK
undercloud_admin_password: mp7mWzxDN8G7dUkawTtXRt6Ax

Also, tripleo-undercloud-passwords.yaml file is created with Heat parameters.

I think we need to modify the code to check if undercloud-passwords.conf already exist, check the format, and re-use the data when creating the new file used by the Heat stack. That way, we're backward compatible with previous passwords while upgrading.

Emilien Macchi (emilienm)
Changed in tripleo:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/549600

Changed in tripleo:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Emilien Macchi (emilienm) → Thomas Herve (therve)
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Thomas Herve (therve) → Emilien Macchi (emilienm)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (master)

Reviewed: https://review.openstack.org/549600
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=bef8cfa55c73f87a37fa23abfdf4ee65b0188a32
Submitter: Zuul
Branch: master

commit bef8cfa55c73f87a37fa23abfdf4ee65b0188a32
Author: Emilien Macchi <email address hidden>
Date: Sat Mar 3 21:39:01 2018 +0000

    uc/deploy: try to keep passwords from undercloud-passwords.conf

    When upgrading a non-containerized undercloud to a containerized
    undercloud, we would like to keep the same passwords that were used
    before so our operators don't have to deal with new passwords and the
    upgrade is more transparent.

    This patch is doing the following:

    If undercloud-passwords.conf exists, undercloud-deploy will generate
    Heat parameters based on the existing passwords and override what was
    generated by the password workflow run by tripleo-common.

    Closes-Bug: #1753063
    Change-Id: Ib2d944c6ac7433461575ca6e9578e39404258b7b
    Co-Authored-By: Thomas Herve <email address hidden>

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 10.0.0

This issue was fixed in the openstack/python-tripleoclient 10.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.