OTP returned to Nova incorrect due to caching

Bug #1796415 reported by Harald Jensås
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
novajoin | Fix Released | Undecided | Unassigned |

Bug Description

Change-Id: Id107000b3a667f5724331e281912560cff6f92f0 implemented caching in the IPAClient class.

When a host is in the cache it returns True[1].
When True is returned the new `ipaotp`[2] is returned to the Nova metadata service. However, the new `ipaotp` password was never set for the host in FreeIPA.

Result: The `ipaotp` password in the metadata provided to the host doesn't match the password set for the host in FreeIPA and the client install errors: "Joining realm failed: Incorrect password."

[1] https://github.com/openstack/novajoin/blob/master/novajoin/ipa.py#L261-L263
[2] https://github.com/openstack/novajoin/blob/master/novajoin/join.py#L201-L203

Harald Jensås (harald-jensas) wrote :
Changed in novajoin:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to novajoin (master)

Reviewed: https://review.openstack.org/608378
Committed: https://git.openstack.org/cgit/openstack/novajoin/commit/?id=96ab6fd525ffcdfbde41bfd7a399d1aae2467c04
Submitter: Zuul
Branch: master

commit 96ab6fd525ffcdfbde41bfd7a399d1aae2467c04
Author: Harald Jensås <email address hidden>
Date: Sat Oct 6 00:28:48 2018 +0200

    Fix - Invalid ipaotp returned if host in cache

    Change: Id107000b3a667f5724331e281912560cff6f92f0 implemented
    caching in the IPAClient. We need to store the OTP in the cache
    and return the cached OTP, not the one generated on the join
    request in case there is a cache hit, since we do not update
    the OTP in FreeIPA when the host is in the cache.

    Closes-Bug: #1796415
    Change-Id: Ic19ee7c2228d275397bc4be04432126fd2f228ec

Changed in novajoin:
status: In Progress → Fix Released
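
The failure mode and the fix described in this report, reduced to a stand-alone Python model. This is an added example, not novajoin's code: `FakeIPA`, `BuggyClient`, `FixedClient` and `second_join_enrolls` are hypothetical names, and an in-memory dictionary stands in for FreeIPA.

```python
import secrets


class FakeIPA:
    """Hypothetical stand-in for FreeIPA: hostname -> OTP currently set."""
    def __init__(self):
        self.otp = {}

    def host_add(self, hostname, otp):
        self.otp[hostname] = otp

    def enroll(self, hostname, otp):
        # Enrollment succeeds only with the OTP the directory actually holds.
        return secrets.compare_digest(self.otp.get(hostname, ""), otp)


class BuggyClient:
    """Cache records only that the host exists (behaviour described in the bug)."""
    def __init__(self, ipa):
        self.ipa, self.cache = ipa, set()

    def join(self, hostname):
        otp = secrets.token_hex(16)        # fresh OTP for every join request
        if hostname not in self.cache:     # miss: OTP is written to the directory
            self.ipa.host_add(hostname, otp)
            self.cache.add(hostname)
        return otp                         # hit: returns an OTP that was never set


class FixedClient:
    """Cache stores the OTP that was set (approach in the commit message)."""
    def __init__(self, ipa):
        self.ipa, self.cache = ipa, {}

    def join(self, hostname):
        if hostname in self.cache:         # hit: hand back the OTP the directory holds
            return self.cache[hostname]
        otp = secrets.token_hex(16)
        self.ipa.host_add(hostname, otp)
        self.cache[hostname] = otp
        return otp


def second_join_enrolls(client_cls, hostname="test.example.com"):
    """Send two join requests for one host, then enroll with the second OTP."""
    ipa = FakeIPA()
    client = client_cls(ipa)
    client.join(hostname)                  # first request populates the cache
    return ipa.enroll(hostname, client.join(hostname))
```

The two-request sequence in `second_join_enrolls` doubles as a regression test for any credential-issuing path that sits behind a cache.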