From 068527d139b4b521782873fdd97ac46cb10b0885 Mon Sep 17 00:00:00 2001
From: Alex Schultz <aschultz@redhat.com>
Date: Mon, 4 Nov 2019 17:01:04 -0700
Subject: [PATCH] Move bootstrap password to an environment var

Currently if you try to use a space in the keystone password, the
bootstrap process fails due to the password being evaulated as command
line arguments. We can work around this by using an environment var to
pass the password to the script that needs to be run.

Change-Id: I03754206781bc8f62d143b2c541f594ca3207a0f
Closes-Bug: #1811005
---
 deployment/keystone/keystone-container-puppet.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/deployment/keystone/keystone-container-puppet.yaml b/deployment/keystone/keystone-container-puppet.yaml
index f060d06aae..42cb8f4121 100644
--- a/deployment/keystone/keystone-container-puppet.yaml
+++ b/deployment/keystone/keystone-container-puppet.yaml
@@ -673,10 +673,15 @@ outputs:
             start_order: 3
             action: exec
             user: root
+            # NOTE(mwhahaha): We use $$ because we're executing in python to
+            # call as shell script and passing the command to run as arguments
+            # to that shell script. So when it is called via eval, the escaped
+            # $ properly evaulates
             command:
-              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
+              [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', '$$KEYSTONE_BOOTSTRAP_PASSWORD' ]
             environment:
               KOLLA_BOOTSTRAP: true
+              KEYSTONE_BOOTSTRAP_PASSWORD: {get_param: AdminPassword}
         step_4:
           # There are cases where we need to refresh keystone after the resource provisioning,
           # such as the case of using LDAP backends for domains. So we trigger a graceful