OpenStack Identity (keystone)

keystone-manage ssl_setup does not overwrite existing files

Bug #1308778 reported by Bill Lubanovic
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
wanghong
OpenStack Identity (keystone) 2015.1.0 "kilo"

Bug Description

If you run "keystone-manage ssl_setup" more than once, it does not overwrite existing files under /etc/keystone/ssl, and does not print or log an error message.

Dolph Mathews (dolph)
tags: added: ux
tags: added: user-experience
removed: ux
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
wanghong (w-wanghong)
Changed in keystone:
assignee: nobody → wanghong (w-wanghong)
Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/88207

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
David Stanek (dstanek) wrote :

We should definitely be printing out a list of files that would need to be removed so that they can be replaced. I'm not sure I like the idea of having the script doing the deleting. It seems like it would be easy to make mistakes and we are not a configuration management tool.

It's also important to note that we'll be discouraging the use of pkg_setup in a future commit. https://review.openstack.org/#/c/80819/

Revision history for this message
Adam Young (ayoung) wrote : Re: [Bug 1308778] Re: keystone-manage ssl_setup does not overwrite existing files

On 04/21/2014 12:07 PM, David Stanek wrote:
> We should definitely be printing out a list of files that would need to
> be removed so that they can be replaced. I'm not sure I like the idea of
> having the script doing the deleting. It seems like it would be easy to
> make mistakes and we are not a configuration management tool.
>
> It's also important to note that we'll be discouraging the use of
> pkg_setup in a future commit. https://review.openstack.org/#/c/80819/
>
 We should not be using keystone_manage ssl: it is only for a
development setup. In a real setup, you need real certificates.

David Stanek (dstanek)
Changed in keystone:
assignee: wanghong (w-wanghong) → David Stanek (dstanek)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: David Stanek (dstanek) → wanghong (w-wanghong)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/88207
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cc3e2355eac51d92f1436704f1873554b11e2da2
Submitter: Jenkins
Branch: master

commit cc3e2355eac51d92f1436704f1873554b11e2da2
Author: wanghong <email address hidden>
Date: Thu Apr 17 16:05:51 2014 +0800

    add --rebuild option for ssl/pki_setup

    Currently, if you run "keystone-manage ssl_setup" more than once,
    it does not overwrite existing files under /etc/keystone/ssl, and
    does not print or log an error message. Now, we add --rebuild option
    for ssl/pki_setup to clean up the exist generated files and rebuild
    the configure files. Also, if you run "keystone-manage ssl_setup"
    more than once, it will print prompt message to tell you take
    --rebuild option to rebuild configure files.

    Change-Id: Ia1e6830c4c81d5a53317a522c526b79b67de1bce
    Closes-Bug: #1308778

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → juno-rc1
status: Fix Committed → Fix Released
status: Fix Released → Fix Committed
milestone: juno-rc1 → none
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → juno-rc1
status: Fix Committed → Fix Released
milestone: juno-rc1 → none
status: Fix Released → Fix Committed
Morgan Fainberg (mdrnstm)
Changed in keystone:
milestone: none → kilo-1
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: kilo-1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.