commit 05f677d0993604a0b1a1e40b2d64f91c24c43c5c
Author: Tee Ngo <email address hidden>
Date: Sat Aug 3 07:52:53 2019 -0400
Prevent admin password regeneration upon bootstrap replay
Currently admin password is regenerated in bootstrap replay if
the initial bootstrap failed for whatever reason. This results in
Authorization failure after controller-0 unlock as the admin
password, which got regenerated in the replay and stored via
python keyring, no longer matches with the admin password postgres
was bootstrapped with.
In this commit, admin password is not regenerated in a replay after
the bootstrap puppet manifest has been applied regardless of the
initial bootstrap status.
This logic will be revised once the decision has been made to
continue storing the admin password using python keyring or to switch
to barbican as the required changes to support password generation/
regeneration in the bootstrap playbook differ considerably between
the two storage methods. In the meantime, the user can always change
the admin password at any time after the system is up (e.g. via
Horizon).
Reviewed: https:/ /review. opendev. org/677506 /git.openstack. org/cgit/ starlingx/ ansible- playbooks/ commit/ ?id=05f677d0993 604a0b1a1e40b2d 64f91c24c43c5c
Committed: https:/
Submitter: Zuul
Branch: r/stx.2.0
commit 05f677d0993604a 0b1a1e40b2d64f9 1c24c43c5c
Author: Tee Ngo <email address hidden>
Date: Sat Aug 3 07:52:53 2019 -0400
Prevent admin password regeneration upon bootstrap replay
Currently admin password is regenerated in bootstrap replay if
the initial bootstrap failed for whatever reason. This results in
Authorization failure after controller-0 unlock as the admin
password, which got regenerated in the replay and stored via
python keyring, no longer matches with the admin password postgres
was bootstrapped with.
In this commit, admin password is not regenerated in a replay after
the bootstrap puppet manifest has been applied regardless of the
initial bootstrap status.
This logic will be revised once the decision has been made to
continue storing the admin password using python keyring or to switch
to barbican as the required changes to support password generation/
regeneration in the bootstrap playbook differ considerably between
the two storage methods. In the meantime, the user can always change
the admin password at any time after the system is up (e.g. via
Horizon).
Closes-Bug: 1837696 33732b3c979188c 5db9b560296
Closes-Bug: 1838805
Change-Id: I672a7e97a9183f
Signed-off by: Tee Ngo <email address hidden>