kolla-ansible

Service user passwords aren't updated when reconfiguring services

Bug #2045990 reported by Alex Welsh on 2023-12-08

This bug affects 1 person

	Status	Importance	Assigned to
kolla-ansible	Status tracked in Caracal
Antelope	Fix Released	Undecided	Unassigned
Bobcat	Fix Released	Undecided	Unassigned
Caracal	Fix Released	Undecided	Alex Welsh
Zed	Fix Released	Undecided	Unassigned

Bug Description

It isn't currently possible to rotate keystone passwords for service users.

Re-deploying or re-configuring services with updated passwords will just ignore the change.

The user creation ansible module that Kolla Ansible uses has an option to update user passwords when they are changed, but it's not used. The default is to only update the password when a user is first created.

The reconfiguration will not fail but it will stop affected services from working properly.

Alex Welsh (alex-welsh) on 2023-12-08

Changed in kolla-ansible:
assignee:	nobody → Alex Welsh (alex-welsh)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-12-08: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/903178

Changed in kolla-ansible:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-07: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/903178
Committed: https://opendev.org/openstack/kolla-ansible/commit/ffd6e3bf329f59318317fba624bc7b1a88f3f7bb
Submitter: "Zuul (22348)"
Branch: master

commit ffd6e3bf329f59318317fba624bc7b1a88f3f7bb
Author: Alex-Welsh <email address hidden>
Date: Fri Dec 8 15:28:27 2023 +0000

Update keystone service user passwords

    Service user passwords will now be updated in keystone if services are
    reconfigured with new passwords set in config. This behaviour can be
    overridden.

Closes-Bug: #2045990
Change-Id: I91671dda2242255e789b521d19348b0cccec266f

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

Maksim Malchuk (mmalchuk) wrote on 2024-02-08:

Yoga unmaintained

no longer affects:

kolla-ansible/yoga

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-08: Fix proposed to kolla-ansible (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/908271

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-08: Fix proposed to kolla-ansible (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/908272

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-08: Fix proposed to kolla-ansible (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/908273

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-19: Fix merged to kolla-ansible (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/908273
Committed: https://opendev.org/openstack/kolla-ansible/commit/3c3f5a2924af6775dd9a5605aead6f79f6ed969e
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 3c3f5a2924af6775dd9a5605aead6f79f6ed969e
Author: Alex-Welsh <email address hidden>
Date: Fri Dec 8 15:28:27 2023 +0000

Update keystone service user passwords

    Service user passwords will now be updated in keystone if services are
    reconfigured with new passwords set in config. This behaviour can be
    overridden.

    Closes-Bug: #2045990
    Change-Id: I91671dda2242255e789b521d19348b0cccec266f
    (cherry picked from commit ffd6e3bf329f59318317fba624bc7b1a88f3f7bb)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-19: Fix merged to kolla-ansible (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/908271
Committed: https://opendev.org/openstack/kolla-ansible/commit/3fda8eb56e18ef88904457d587b2fbb6c463d356
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 3fda8eb56e18ef88904457d587b2fbb6c463d356
Author: Alex-Welsh <email address hidden>
Date: Fri Dec 8 15:28:27 2023 +0000

Update keystone service user passwords

    Service user passwords will now be updated in keystone if services are
    reconfigured with new passwords set in config. This behaviour can be
    overridden.

    Closes-Bug: #2045990
    Change-Id: I91671dda2242255e789b521d19348b0cccec266f
    (cherry picked from commit ffd6e3bf329f59318317fba624bc7b1a88f3f7bb)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-19: Fix merged to kolla-ansible (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/908272
Committed: https://opendev.org/openstack/kolla-ansible/commit/07fad991d80ef7c88147fb336bb7a65397946b84
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 07fad991d80ef7c88147fb336bb7a65397946b84
Author: Alex-Welsh <email address hidden>
Date: Fri Dec 8 15:28:27 2023 +0000

Update keystone service user passwords

    Service user passwords will now be updated in keystone if services are
    reconfigured with new passwords set in config. This behaviour can be
    overridden.

    Closes-Bug: #2045990
    Change-Id: I91671dda2242255e789b521d19348b0cccec266f
    (cherry picked from commit ffd6e3bf329f59318317fba624bc7b1a88f3f7bb)