StarlingX

fm cmd not working after sysadmin password changed

Bug #1842443 reported by Peng Peng on 2019-09-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Invalid	High	Austin Sun

Bug Description

Brief Description
-----------------
After sysadmin password changed, fm cmd failed by timeout. The exception shows ssh permission denied.

Severity
--------
Major

Steps to Reproduce
------------------
change sysadmin password by "passwd"
execute fm cmd

TC-name: security/test_linux_user_password_aging.py::test_sysadmin_password_propagation

Expected Behavior
------------------
fm cmd working properly

Actual Behavior
----------------
fm cmd timeout

Reproducibility
---------------
Reproducible (2 out of 2 attempts)

System Configuration
--------------------
Multi-node system

Lab-name: Ip_1-4

Branch/Pull Time/Commit
-----------------------
stx master as of 2019-09-01_00-10-00

Last Pass
---------
2019-08-23_20-59-00

Timestamp/Logs
--------------
[2019-09-02 02:59:42,236] 779 INFO MainThread security_helper.change_linux_user_password:: Send 'passwd'

[2019-09-02 02:59:42,565] 301 DEBUG MainThread ssh.send :: Send 'q8G03ukdm1h#8'
[2019-09-02 02:59:42,666] 782 INFO MainThread security_helper.change_linux_user_password:: Expect: [': all authentication tokens updated successfully.', '.*controller\\-[01][:| ].*\\$ ']

[2019-09-02 02:59:42,686] 423 DEBUG MainThread ssh.expect :: Output:
passwd: all authentication tokens updated successfully.
controller-0:~$

[2019-09-02 02:59:55,702] 301 DEBUG MainThread ssh.send :: Send 'fm --os-username 'admin' --os-password 'Li69nux*' --os-project-name admin --os-auth-url http://192.168.204.2:5000/v3 --os-user-domain-name Default --os-project-domain-name Default --os-endpoint-type internalURL --os-region-name RegionOne alarm-list --nowrap --uuid'
[2019-09-02 03:09:55,822] 394 WARNING MainThread ssh.expect :: No match found for ['\\[.*@controller\\-[01] .*\$keystone_admin\$\\]\\$ '].
expect timeout.
[2019-09-02 03:09:55,822] 779 DEBUG MainThread ssh.send_control:: Sending ctrl+c

[2019-09-02 03:10:42,482] 151 INFO MainThread ssh.connect :: Attempt to connect to host - 128.224.151.212
[2019-09-02 03:10:45,519] 225 ERROR MainThread ssh.connect :: Login credentials denied by 128.224.151.212. User: sysadmin Password: Li69nux*
[2019-09-02 03:10:45,606] 60 DEBUG MainThread conftest.update_results:: ***Failure at test teardown: /usr/local/lib/python3.4/site-packages/pexpect/pxssh.py:313: pexpect.pxssh.ExceptionPxssh: permission denied

Test Activity
-------------
Regression Testing

See original description

Tags:

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2019-09-04: Re: ssh permission denied after sysadmin password changed

Marking as stx.3.0 high priority as the system is not functional after sysadmin password change. The current assumption right now is that this is not an issue in the r/stx.2.0 branch. If it is, we need to consider re-gating this to stx.2.0 and providing a fix in the next mtce release.

description:	updated
summary:	- ssh permission denied after password changed + ssh permission denied after sysadmin password changed
Changed in starlingx:
importance:	Undecided → High
status:	New → Triaged
tags:	added: stx.3.0 stx.security

Ghada Khalil (gkhalil) on 2019-09-04

Changed in starlingx:
assignee:	nobody → Cindy Xie (xxie1)
summary:	- ssh permission denied after sysadmin password changed + fm cmd not working after sysadmin password changed

Yang Liu (yliu12) on 2019-09-09

tags:

added: stx.retestneeded

Cindy Xie (xxie1) on 2019-09-09

Changed in starlingx:
assignee:	Cindy Xie (xxie1) → Austin Sun (sunausti)

Revision history for this message

Austin Sun (sunausti) wrote on 2019-09-10:

Hi, Liu Yang:
     in multi-node 9/7 code base, manual test passed.
steps:
    1) change controller-0 password with passwd command .
    2) run command ' source /etc/platform/openrc; fm alarm-list"

from your describe , the ssh deny should be due to script to connect controller , this is not related with fm function. could you double check if any test script change recently?

Thanks.

Changed in starlingx:
status:	Triaged → Incomplete

Revision history for this message

Bill Zvonar (billzvonar) wrote on 2019-09-24:

Hi Yang, can you check Austin's comment?

Revision history for this message

Austin Sun (sunausti) wrote on 2019-10-12:

Hi PengPeng and Yang:
would you double check ?
Thanks.
BR
Austin Sun.

Revision history for this message

Yang Liu (yliu12) wrote on 2019-10-18:

I did not see this issue when manually execute this on 20191017 load.

I looked at automation code as well, it did not change recently, but it definitely has issue. Will look into updating automation for sysadmin password test cases.

Suggest to close this LP.

Changed in starlingx:
status:	Incomplete → Invalid
tags:	removed: stx.retestneeded

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.