admin-password from include-file has line-feed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Fix Released
|
Low
|
Billy Olsen |
Bug Description
With an eye towards keeping secrets out of my bundle, I used and include-file to for the admin-password, such as:
applications:
keystone:
charm: cs:keystone
num_units: 3
options:
The include file was created with:
echo "mypassword" > secrets/
After deployment, I was getting "The request you have made requires authentication. (HTTP 401)" when my OS_PASSWORD=
However, if I embed a newline in my password, it works:
export OS_PASSWORD=
"
As a work-around, I can create the include file without a line-feed:
echo -n "mypassword" > secrets/
A better solution would be for the charm to strip whitespace and newlines from the end of the config value.
Changed in charm-keystone: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Billy Olsen (billy-olsen) |
milestone: | none → 21.04 |
Changed in charm-keystone: | |
milestone: | 21.04 → none |
Changed in charm-keystone: | |
milestone: | none → 21.10 |
Changed in charm-keystone: | |
status: | Fix Committed → Fix Released |
Generally, it is recommended to not set the admin-password for the keystone charm at all, and let the charm generate one. If that password is needed for post-deployment activity by a Juju operator, it can be recovered with:
juju run --unit keystone/leader 'leader-get admin_passwd'