puppet-keystone

keystone incorrectly uses admin_token for the bootstrap password

Bug #1621959 reported by Alex Schultz on 2016-09-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	puppet-keystone	Fix Released	Medium	Alex Schultz

Bug Description

in the main keystone class, we are incorrectly using the admin_token for the keystone bootstrap process. This should be set to the admin password. Additionally if using the keystone::roles::admin class, this password should match what is used in the bootstrap process.

https://github.com/openstack/puppet-keystone/blob/master/manifests/init.pp#L1153

OpenStack Infra (hudson-openstack) on 2016-09-09

Changed in puppet-keystone:
assignee:	nobody → Matt Fischer (mfisch)
status:	New → In Progress

Emilien Macchi (emilienm) on 2016-09-11

Changed in puppet-keystone:
importance:	Undecided → Medium

OpenStack Infra (hudson-openstack) on 2016-09-19

Changed in puppet-keystone:
assignee:	Matt Fischer (mfisch) → Alex Schultz (alex-schultz)

Alex Schultz (alex-schultz) on 2016-09-19

Changed in puppet-keystone:
assignee:	Alex Schultz (alex-schultz) → Matt Fischer (mfisch)

OpenStack Infra (hudson-openstack) on 2016-09-20

Changed in puppet-keystone:
assignee:	Matt Fischer (mfisch) → Alex Schultz (alex-schultz)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-20: Fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/368169
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=5a1b6400d6891f687e1014ea3825bc3ae3c363e5
Submitter: Jenkins
Branch: master

commit 5a1b6400d6891f687e1014ea3825bc3ae3c363e5
Author: Matt Fischer <email address hidden>
Date: Fri Sep 9 11:53:12 2016 -0600

Add admin_password parameter for use in bootstrap

    keystone-manage bootstrap should be taking the admin_password, not the
    admin token. The admin_token is deprecated in Keystone and will be
    deprecated in this module in a later release. For now we add an
    admin_password parameter which defaults to admin_token, but do not rely
    on the default value since admin_token will go away. Beyond the
    incorrect usage of admin_token that this fixes, admin_token is still
    used in other places and that is why it will be removed in a separate
    change.

Closes-Bug: #1621959

Change-Id: I7a706d93b43ec025bdb4b29667f64ff2f7dd52a0

Changed in puppet-keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-27: Fix included in openstack/puppet-keystone 9.4.0

This issue was fixed in the openstack/puppet-keystone 9.4.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.