Bifrost's autogenerated passwords are not persisted

Bug #1983356 reported by Mark Goddard
Affects: kolla-ansible
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

By default Bifrost generates passwords for use by services, and stores them in files in /root/.config/bifrost/ in the container. This directory is not persistent, so the passwords are lost if the container is recreated. This is generally not a problem, because recreating the container is generally done when redeploying Bifrost, and new passwords will be generated and written to configuration files. However, if you access the Ironic or Inspector APIs outside of the Bifrost playbooks, the credentials will have changed.

Mark Goddard (mgoddard)
Changed in kolla-ansible:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)
Changed in kolla-ansible:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/851837
Committed: https://opendev.org/openstack/kolla-ansible/commit/d95e237f3df6671a156a5ba807ae18d033db6796
Submitter: "Zuul (22348)"
Branch: master

commit d95e237f3df6671a156a5ba807ae18d033db6796
Author: Mark Goddard <email address hidden>
Date: Tue Aug 2 11:20:29 2022 +0100

    Persist Bifrost's autogenerated passwords

    By default Bifrost generates passwords for use by services, and stores
    them in files in /root/.config/bifrost/ in the container. This directory
    is not persistent, so the passwords are lost if the container is
    recreated. This is generally not a problem, because recreating the
    container is generally done when redeploying Bifrost, and new passwords
    will be generated and written to configuration files. However, if you
    access the Ironic or Inspector APIs outside of the Bifrost playbooks,
    the credentials will have changed.

    This change fixes the issue by persisting the credentials directory in a
    Docker volume. Note that applying this change will cause existing
    credentials to be removed.

    Closes-Bug: #1983356

    Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 15.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 15.0.0.0rc1 release candidate.
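
A check for the condition this report describes, as an added example that is not part of the bug report or the kolla-ansible change: it reads `docker inspect` JSON and reports whether /root/.config/bifrost/ is backed by a mount that survives container recreation. The sample data and the volume name are constructed, and the 64-hex-character test for anonymous volumes is a heuristic assumption.

```python
import json
import posixpath
import re

CRED_DIR = "/root/.config/bifrost"  # credentials directory named in the bug report

# Constructed samples of `docker inspect <container>` output. The volume name
# "bifrost_creds_example" is a placeholder, not the name kolla-ansible uses.
SAMPLE_BEFORE = json.dumps([{"Mounts": [
    {"Type": "bind", "Source": "/etc/localtime", "Destination": "/etc/localtime"},
]}])
SAMPLE_AFTER = json.dumps([{"Mounts": [
    {"Type": "bind", "Source": "/etc/localtime", "Destination": "/etc/localtime"},
    {"Type": "volume", "Name": "bifrost_creds_example",
     "Destination": "/root/.config/bifrost/"},
]}])

# Heuristic (assumption): anonymous volumes are named with 64 hex characters
# and are not reattached when the container is recreated.
ANON_VOLUME = re.compile(r"^[0-9a-f]{64}$")


def covers(mount_dest, path):
    """True if `path` is at or below the mount destination."""
    dest = posixpath.normpath(mount_dest)
    path = posixpath.normpath(path)
    return path == dest or dest == "/" or path.startswith(dest + "/")


def persistent_mount_for(inspect_json, path=CRED_DIR):
    """Return the mount that persists `path` across recreation, or None."""
    mounts = json.loads(inspect_json)[0].get("Mounts", [])
    hits = [m for m in mounts if covers(m.get("Destination", ""), path)]
    if not hits:
        return None  # path lives in the container's writable layer
    # The deepest covering mount is the one that actually backs the path.
    best = max(hits, key=lambda m: len(posixpath.normpath(m["Destination"])))
    if best.get("Type") == "tmpfs":
        return None  # in-memory, lost on restart
    if best.get("Type") == "volume" and ANON_VOLUME.match(best.get("Name", "")):
        return None
    return best


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, persistent_mount_for(sample))
```
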
