OpenStack DBaaS (Trove)

Root Password Returned For non-Root Supported Datastores

Bug #1276858 reported by Auston McReynolds
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack DBaaS (Trove)
Fix Released
High
Auston McReynolds
OpenStack DBaaS (Trove) 2014.1 "icehouse"

Bug Description

if root_on_create=True (trove.conf), a root password is generated and returned in the instance-create response. The root_on_create functionality only exists (thus far) for MySQL, but a generated password is being incorrectly returned in the case of instance-create with datastores like Redis, MongoDB, Cassandra, etc.

Example:

$trove create Herschel 7 --size 1 --datastore mongodb --datastore_version mongodb-mongo

+-------------------+--------------------------------------+
| Property | Value |
+-------------------+--------------------------------------+
| created | 2014-02-04T23:02:53 |
| datastore | mongodb |
| datastore_version | mongodb-mongo |
| flavor | 7 |
| id | 53636b58-25dc-4566-8812-9e6e03351788 |
| ip | 10.0.0.2 |
| name | Herschel |
| password | gWGekbxz3a73xn3Q3e4vraxnRwNUhdgBEXxd |
| status | BUILD |
| updated | 2014-02-04T23:03:01 |
| volume | 1 |
+-------------------+--------------------------------------+

The fix requires amending https://github.com/openstack/trove/blob/41c6289dcf021542c656b9d2b748b61d2aec22d3/trove/instance/models.py#L552 to look at the datastore_version's manager.

Auston McReynolds (amcrn)
Changed in trove:
milestone: none → icehouse-3
Revision history for this message
Viswa Vutharkar (vvutharkar) wrote :

What about the UI impacts of this bug's root cause? The standard root password dialog that pops up in horizon when you create a DB. Does that not get launched if the root password field is Nil/Empty? Or is there a need for manager version checking code in horizon as well to skip popping that root password screen when manager is 'mongodb' (or others that don't support root password) ?

Revision history for this message
Sushil Kumar (sushil-kumar2) wrote :

Hey Vishwa, r u saying that user is supplying the root password, I did not see this functionality in APIs.

Revision history for this message
Sushil Kumar (sushil-kumar2) wrote :

@Auston, does that means we need to have list suggesting which datastores have implemented enable_root api and the list could be appended with new datastores.

Revision history for this message
Viswa Vutharkar (vvutharkar) wrote :

Sushil,

The primary problem Auston refers to is this : "if root_on_create=True (trove.conf), a root password is generated and returned in the instance-create response."

And he suggested the code area where the root password is generated to add a check and skip if the underlying datastore type does not support root user. I assume this will then prevent the "trove create" from popping up a root password in the CLI output.

My question was: Is that change enough to prevent the GUI also from popping up the root password information box in the horizon dasboard during the 'database creation work flow' or if further changes are needed on the horizon side?

Revision history for this message
Sushil Kumar (sushil-kumar2) wrote :

Cool, got that Vishwa.
I would hope if password generation is made datastore dependent then it would only generate the passwords in particular case and there won't be any passwords for other datastores, so it should not pop up on horizon's screen, unless GUI addresses the case differently itself.

Revision history for this message
Auston McReynolds (amcrn) wrote :

@viswa: "My question was: Is that change enough to prevent the GUI also from popping up the root password information box in the horizon dasboard during the 'database creation work flow' or if further changes are needed on the horizon side?"

>> this is an internal enhancement we have for trove's horizon dashboard, it's not public. if the password is not returned from instance-create, the workflow will not redirect to that page, so we're fine.

Michael Basnight (hubcap)
Changed in trove:
importance: Undecided → High
Ramashri Umale (ramashri)
Changed in trove:
assignee: nobody → Ramashri Umale (rumale-4)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/77275

Changed in trove:
status: New → In Progress
Nikhil Manchanda (slicknik)
Changed in trove:
milestone: icehouse-3 → icehouse-rc1
OpenStack Infra (hudson-openstack)
Changed in trove:
assignee: Ramashri Umale (rumale-4) → Auston McReynolds (amcrn)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to trove (master)

Reviewed: https://review.openstack.org/77275
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=ce6e24bb86de1360de930491ab226079dd84ce33
Submitter: Jenkins
Branch: master

commit ce6e24bb86de1360de930491ab226079dd84ce33
Author: Ramashri Umale <email address hidden>
Date: Sun Mar 9 17:54:06 2014 -0700

    Root_on_create per datastore

    Reason: Not each datastore has root user entity;

    Changes: root_on_create flag per datastore.
    fixed test case root_on_create;

    Change-Id: I5b2f665cfdb36e9f88d57d04b5e9470085b3362a
    Closes-Bug: #1276858

Changed in trove:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in trove:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in trove:
milestone: icehouse-rc1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.