tripleo

Passwords can easily be accidentally regenerated by users of python-tripleoclient

Bug #1541342 reported by Dougal Matthews on 2016-02-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Dougal Matthews

Bug Description

Description of problem:
The command `openstack overcloud deploy` generates passwords when it is first executed and stores them in a file. If the user then changes to another directory and re-runs the deploy, it will perform a stack update but generate the passwords again.

Steps to Reproduce:
1. openstack overcloud deploy
2. cd /tmp (or anywhere other than the current directory)
3. openstack overcloud deploy

Actual results:
Passwords are re-generated and sent to Heat again, which attempts to reconfigure the passwords on all services. This doesn't seem to be fully supported by tripleo-heat-templates at the moment.

Expected results:
Passwords should never be generated on a stack update, the command should complain loudly that the password file can't be found.

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-03: Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/275661

Changed in tripleo:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-10: Fix merged to python-tripleoclient (master)

Reviewed: https://review.openstack.org/275661
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=8f9b01e516d0dde43a840a847c257b19c20b5228
Submitter: Jenkins
Branch: master

commit 8f9b01e516d0dde43a840a847c257b19c20b5228
Author: Dougal Matthews <email address hidden>
Date: Wed Feb 3 11:35:43 2016 +0000

Don't regenerate the overcloud passwords if the Heat stack exists

    If the user is in the incorrect directory (one different from
    where they originally deployed), the function to generate
    passwords will create a new password file with random passwords.
    This will then be sent to Heat and it will attempt to reconfigure
    the passwords for all services (which currently isn't fully
    supported and can leave users with a non-functioning overcloud).
    The issue can be replicated with:

        openstack overcloud deploy --templates
        cd /tmp (or any other different directory)
        openstack overcloud deploy --templates

This changes the behaviour to display an error if the password
file can't be found, but the Heat stack already exists.

Closes-Bug: #1541342
Change-Id: I2ce63c254c10d6382d626b2f5436019971a26952

Changed in tripleo:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.