AdminPassword with special character fails deployment.

Bug #1811005 reported by Yossi Ovadia
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Alex Schultz

Bug Description

Rocky, container based deployment.

Description
===========

When using AdminPassword containing - ( or ) or & ( probably more ) deployment will fail with:

"Error running ['docker', 'exec', '--user=root', u'keystone', '/usr/bin/bootstrap_host_exec', 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', 'h@r1z&n']. [127]",
"stderr: /usr/bin/bootstrap_host_exec: line 16: n: command not found",

This line comes from:

docker/services/keystone.yaml, line 188 -
          keystone_bootstrap:
            start_order: 3
            action: exec
            user: root
            command:
              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]

Manually executing the command above fails same of course:
[stack@undercloud (stackrc) ~]$ sudo docker exec --user=root keystone /usr/bin/bootstrap_host_exec keystone keystone-manage bootstrap --bootstrap-password 'h@r1z&n'
/usr/bin/bootstrap_host_exec: line 16: n: command not found

Using escape e.g h\@r1z\&n, on cli solves the problem.

Steps to reproduce
=====================
1. use password with special chars.
2. deploy

Changed in tripleo:
status: New → Triaged
importance: Undecided → High
milestone: none → stein-2
Changed in tripleo:
milestone: stein-2 → stein-3
Changed in tripleo:
milestone: stein-3 → stein-rc1
Changed in tripleo:
milestone: stein-rc1 → train-1
Changed in tripleo:
milestone: train-1 → train-2
Changed in tripleo:
milestone: train-2 → train-3
Changed in tripleo:
milestone: train-3 → ussuri-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/692932

Changed in tripleo:
assignee: nobody → Alex Schultz (alex-schultz)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/692932
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=068527d139b4b521782873fdd97ac46cb10b0885
Submitter: Zuul
Branch: master

commit 068527d139b4b521782873fdd97ac46cb10b0885
Author: Alex Schultz <email address hidden>
Date: Mon Nov 4 17:01:04 2019 -0700

    Move bootstrap password to an environment var

    Currently if you try to use a space in the keystone password, the
    bootstrap process fails due to the password being evaulated as command
    line arguments. We can work around this by using an environment var to
    pass the password to the script that needs to be run.

    Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
    Closes-Bug: #1811005

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/693187

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/693188

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/693191

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/693193

tags: added: stein-backport-potential
tags: added: queens-backport-potential rocky-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/rocky)

Reviewed: https://review.opendev.org/693191
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=a7cafbc50007690681d3d4eebcb169fcd6e17ed2
Submitter: Zuul
Branch: stable/rocky

commit a7cafbc50007690681d3d4eebcb169fcd6e17ed2
Author: Alex Schultz <email address hidden>
Date: Mon Nov 4 17:01:04 2019 -0700

    Move bootstrap password to an environment var

    Currently if you try to use a space in the keystone password, the
    bootstrap process fails due to the password being evaulated as command
    line arguments. We can work around this by using an environment var to
    pass the password to the script that needs to be run.

    Conflicts:
            puppet/services/keystone.yaml

    Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
    Closes-Bug: #1811005
    (cherry picked from commit 068527d139b4b521782873fdd97ac46cb10b0885)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/queens)

Reviewed: https://review.opendev.org/693193
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=669f60260440914d60d55453c07ba2b0751e8cb2
Submitter: Zuul
Branch: stable/queens

commit 669f60260440914d60d55453c07ba2b0751e8cb2
Author: Alex Schultz <email address hidden>
Date: Mon Nov 4 17:01:04 2019 -0700

    Move bootstrap password to an environment var

    Currently if you try to use a space in the keystone password, the
    bootstrap process fails due to the password being evaulated as command
    line arguments. We can work around this by using an environment var to
    pass the password to the script that needs to be run.

    Conflicts:
            puppet/services/keystone.yaml

    Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
    Closes-Bug: #1811005
    (cherry picked from commit 068527d139b4b521782873fdd97ac46cb10b0885)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/693187
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fdc08ebba17f2c4859647bf358649bc9522c97b1
Submitter: Zuul
Branch: stable/train

commit fdc08ebba17f2c4859647bf358649bc9522c97b1
Author: Alex Schultz <email address hidden>
Date: Mon Nov 4 17:01:04 2019 -0700

    Move bootstrap password to an environment var

    Currently if you try to use a space in the keystone password, the
    bootstrap process fails due to the password being evaulated as command
    line arguments. We can work around this by using an environment var to
    pass the password to the script that needs to be run.

    Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
    Closes-Bug: #1811005
    (cherry picked from commit 068527d139b4b521782873fdd97ac46cb10b0885)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/stein)

Reviewed: https://review.opendev.org/693188
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=f29003fa18d301803cc66734616af5e374bfe7fa
Submitter: Zuul
Branch: stable/stein

commit f29003fa18d301803cc66734616af5e374bfe7fa
Author: Alex Schultz <email address hidden>
Date: Mon Nov 4 17:01:04 2019 -0700

    Move bootstrap password to an environment var

    Currently if you try to use a space in the keystone password, the
    bootstrap process fails due to the password being evaulated as command
    line arguments. We can work around this by using an environment var to
    pass the password to the script that needs to be run.

    Conflicts:
            deployment/keystone/keystone-container-puppet.yaml

    Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
    Closes-Bug: #1811005
    (cherry picked from commit 068527d139b4b521782873fdd97ac46cb10b0885)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 12.0.0

This issue was fixed in the openstack/tripleo-heat-templates 12.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 10.6.2

This issue was fixed in the openstack/tripleo-heat-templates 10.6.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 11.3.1

This issue was fixed in the openstack/tripleo-heat-templates 11.3.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates rocky-eol

This issue was fixed in the openstack/tripleo-heat-templates rocky-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates queens-eol

This issue was fixed in the openstack/tripleo-heat-templates queens-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.