openstack app's admin account gets locked after change password
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Medium | Lin Shuicheng | |
Bug Description
Brief Description
-----------------
After changing the password the keyring is still showing the old password. For a short while openstack commands work using the new password and then the account gets locked.
1853017 is similar to this defect, except that "keyring get CGCS admin" shows the old password
Severity
--------
Provide the severity of the defect.
Major
Steps to Reproduce
------------------
1. openstack user set --password "N3wpassword*" admin
2. keyring get CGCS admin (is still showing the old password)
3. edit clouds.yml with the new password
4. export OS_CLOUD=
5. openstack network list (will execute normally for a short while and then The account is locked for user: c8aab57d3ffa447
Expected Behavior
------------------
keyring updated, commands working with the new password and account not getting locked
Actual Behavior
----------------
keyring is not updated and account is getting locked
Reproducibility
---------------
always
System Configuration
-------
Multi-node system
Branch/Pull Time/Commit
-------
controller-0:~$ cat /etc/build.info
###
### StarlingX
### Built from master
###
OS="centos"
SW_VERSION="20.06"
BUILD_TARGET="Host Installer"
BUILD_TYPE="Formal"
BUILD_ID=
JOB="STX_
<email address hidden>"
BUILD_NUMBER="165"
BUILD_HOST=
BUILD_DATE=
FLOCK_OS="centos"
FLOCK_JOB=
<email address hidden>"
FLOCK_BUILD_
FLOCK_BUILD_
FLOCK_BUILD_
Last Pass
---------
Timestamp/Logs
--------------
https:/
Test Activity
-------------
Regression Testing
Workaround
----------
description: | updated |
tags: | added: stx.distro.openstack |
Changed in starlingx: | |
assignee: | nobody → Lin Shuicheng (shuicheng) |
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.4.0 |
Changed in starlingx: | |
status: | New → Confirmed |
summary: |
- keyring password not updated and account gets locked
+ openstack app's admin account gets locked after change password |
The issue here is that there are 2 keystone admin users: one for the host keystone instance and the second for the containerized openstack keystone. However, platform services (ex: nfv-vim) do not distinguish between the two. This is a design gap since the introduction of containerized openstack. More investigation is required to determine the best option forward.