commit 64b953ec3b44a9888979cb18788b9481cba9a133
Author: Tee Ngo <email address hidden>
Date: Sat Aug 3 07:52:53 2019 -0400
Prevent admin password regeneration upon bootstrap replay
Currently admin password is regenerated in bootstrap replay if
the initial bootstrap failed for whatever reason. This results in
Authorization failure after controller-0 unlock as the admin
password, which got regenerated in the replay and stored via
python keyring, no longer matches with the admin password postgres
was bootstrapped with.
In this commit, admin password is not regenerated in a replay after
the bootstrap puppet manifest has been applied regardless of the
initial bootstrap status.
This logic will be revised once the decision has been made to
continue storing the admin password using python keyring or to switch
to barbican as the required changes to support password generation/
regeneration in the bootstrap playbook differ considerably between
the two storage methods. In the meantime, the user can always change
the admin password at any time after the system is up (e.g. via
Horizon).
Reviewed: https:/ /review. opendev. org/674472 /git.openstack. org/cgit/ starlingx/ ansible- playbooks/ commit/ ?id=64b953ec3b4 4a9888979cb1878 8b9481cba9a133
Committed: https:/
Submitter: Zuul
Branch: master
commit 64b953ec3b44a98 88979cb18788b94 81cba9a133
Author: Tee Ngo <email address hidden>
Date: Sat Aug 3 07:52:53 2019 -0400
Prevent admin password regeneration upon bootstrap replay
Currently admin password is regenerated in bootstrap replay if
the initial bootstrap failed for whatever reason. This results in
Authorization failure after controller-0 unlock as the admin
password, which got regenerated in the replay and stored via
python keyring, no longer matches with the admin password postgres
was bootstrapped with.
In this commit, admin password is not regenerated in a replay after
the bootstrap puppet manifest has been applied regardless of the
initial bootstrap status.
This logic will be revised once the decision has been made to
continue storing the admin password using python keyring or to switch
to barbican as the required changes to support password generation/
regeneration in the bootstrap playbook differ considerably between
the two storage methods. In the meantime, the user can always change
the admin password at any time after the system is up (e.g. via
Horizon).
Closes-Bug: 1837696 33732b3c979188c 5db9b560296
Closes-Bug: 1838805
Change-Id: I672a7e97a9183f
Signed-off by: Tee Ngo <email address hidden>