Move bootstrap password to an environment var

Currently if you try to use a space in the keystone password, the
bootstrap process fails due to the password being evaulated as command
line arguments. We can work around this by using an environment var to
pass the password to the script that needs to be run.

Conflicts:
        puppet/services/keystone.yaml

Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
Closes-Bug: #1811005
(cherry picked from commit 068527d139)
This commit is contained in:
Alex Schultz 2019-11-04 17:01:04 -07:00
parent 674a79c7e8
commit 669f602604
1 changed files with 7 additions and 1 deletions

View File

@ -173,8 +173,14 @@ outputs:
start_order: 3 start_order: 3
action: exec action: exec
user: root user: root
# NOTE(mwhahaha): We use $$ because we're executing in python to
# call as shell script and passing the command to run as arguments
# to that shell script. So when it is called via eval, the escaped
# $ properly evaulates
command: command:
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', '$$KEYSTONE_BOOTSTRAP_PASSWORD' ]
environment:
KEYSTONE_BOOTSTRAP_PASSWORD: {get_param: AdminPassword}
keystone_cron: keystone_cron:
start_order: 4 start_order: 4
image: *keystone_image image: *keystone_image