provide stable mechanism to retrieve admin credentials

Bug #1435906 reported by Alexander List
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Keystone Charm
Triaged
Low
Unassigned
keystone (Juju Charms Collection)
Invalid
Low
Unassigned

Bug Description

We were relying on a method like this to retrieve the keystone password:

keystone_machine=$(juju status keystone/0 | awk '$1 == "public-address:" {print $2; exit}')
export OS_PASSWORD=$(juju ssh keystone/0 "sudo cat /var/lib/keystone/keystone.passwd 2>/dev/null" | tr -d '[:space:]')

It looks like the behaviour of the keystone charm changed - /var/lib/keystone/keystone.passwd isn't being populated anymore.

We are running keystone in non-HA mode.

Charm source: lp:charms/trusty/keystone
Version: revno 123

The charm config explicitly suggests against setting the password via config except for testing. Also, the config setting is only respected if it's present before install autogenerates credentials.

We need a stable mechanism to extract keystone credentials (aka admin .novarc) to the controlling juju environment.

Revision history for this message
Alexander List (alexlist) wrote :

A workaround is to actively set the admin-password via juju-set. This also works post-deploy, contrary to earlier behaviour of the charm.

Revision history for this message
James Page (james-page) wrote :

I think the general approach to this would be to provide an action that can retrieve the leader generate admin password etc...

Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → Low
James Page (james-page)
Changed in charm-keystone:
importance: Undecided → Low
status: New → Triaged
Changed in keystone (Juju Charms Collection):
status: Triaged → Invalid
Revision history for this message
Xav Paice (xavpaice) wrote :

One thing that seems to work OK:

export OS_PASSWORD=$(set -x; juju run --unit keystone/0 leader-get admin_passwd)

Also, I have reported LP: #1765222 regarding resetting the admin-password not making any changes.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.