tripleo

  1. Bug #1960271
  2. Comment #1

Comment 1 for bug 1960271

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-common (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-common/+/833615
Committed: https://opendev.org/openstack/tripleo-common/commit/0cf9c1270203dbd796212688b43ea890607403c3
Submitter: "Zuul (22348)"
Branch: master

commit 0cf9c1270203dbd796212688b43ea890607403c3
Author: Damien Ciabrini <email address hidden>
Date: Mon Mar 14 12:15:05 2022 +0100

    Generate database URI for ed25519 passwords

    In addition to generating base64-encoded passwords when
    EnableMysqlAuthEd25519 is set [1], we need to encode the
    password part of the database URI in a way that can be
    decoded by oslo.db. This is then used by tripleo heat
    templates [2] to generate appropriate hiera keys.

    Let tripleo-common generate a pair of keys
    <service>Password and <service>PasswordDatabase to
    generate base64-encoded passwords, and RFC-1738-encoded
    passwords for URI. The former is still used as before
    to create users in the database, and the latter is used
    by oslo.db for connection to the database.

    Tested by deploying a standalone, undercloud and HA overcloud
    with and without EnableMysqlAuthEd25519. Password rotation
    with tripleo_passwords_rotate is also supported.

    [1] I00d3d2a43d08d3d317a25c7ecb54d197e36a8f93
    [2] I2e2cd7256700b728453e2b5857967893996cf552

    Related-Bug: #1960271

    Change-Id: Ic7ff36a5f3f4eceeb6c8a338093e956b7db00533