From 471995bc3e14f6ccccdd250659dcfe7da32931e7 Mon Sep 17 00:00:00 2001 From: Kam Nasim Date: Mon, 2 Apr 2018 17:52:20 -0400 Subject: [PATCH] Update puppet-keystone to handle $ in admin password Escape special characters when executing the keystone-manage bootstrap command since the keystone CLI argparse will parse "Madawa$ka1" as "Madawa" which will cause the Keystone ADMIN acct to be created with an incorrect password. Puppet will detect this and attempt to course correct by sending the UPDATE User request to Keystone, which does set the right password but causes other failures in later manifests. Change-Id: I407c6fdde8db01e8d2da0d8e8777667f97164076 Signed-off-by: Don Penney --- .../centos/build_srpm.data | 2 +- ...cape-special-characters-in-bootstrap.patch | 33 ++++++++++++++++ .../centos/meta_patches/PATCH_ORDER | 1 + ...cape-special-characters-in-bootstrap.patch | 39 +++++++++++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch create mode 100644 devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data index 024e3e138..8429863c3 100644 --- a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch new file mode 100644 index 000000000..a2cc29b5b --- /dev/null +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch @@ -0,0 +1,33 @@ +From f3282651cd75697bbf7be3a07c1093c03964b5e1 Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Mon, 2 Apr 2018 16:20:52 -0400 +Subject: [PATCH] meta patch for + 0004-escape-special-characters-in-bootstrap.patch + +--- + SPECS/puppet-keystone.spec | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/SPECS/puppet-keystone.spec b/SPECS/puppet-keystone.spec +index 36cf461..301002a 100644 +--- a/SPECS/puppet-keystone.spec ++++ b/SPECS/puppet-keystone.spec +@@ -13,6 +13,7 @@ Source0: https://tarballs.openstack.org/%{name}/%{name}-%{upstream_versio + Patch0001: 0001-pike-rebase-squash-titanium-patches.patch + Patch0002: 0002-remove-the-Keystone-admin-app.patch + Patch0003: 0003-remove-eventlet_bindhost-from-Keystoneconf.patch ++Patch0004: 0004-escape-special-characters-in-bootstrap.patch + + BuildArch: noarch + +@@ -33,6 +34,7 @@ Puppet module for OpenStack Keystone + %patch0001 -p1 + %patch0002 -p1 + %patch0003 -p1 ++%patch0004 -p1 + + find . -type f -name ".*" -exec rm {} + + find . -size 0 -exec rm {} + +-- +1.8.3.1 + diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER index 631c6da41..10c69992f 100644 --- a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER @@ -2,3 +2,4 @@ 0002-squash-titanium-patches.patch 0003-remove-the-keystone-admin-app.patch 0004-remove-eventlet_and_bindhost-from-keystoneconf.patch +0005-escape-special-characters-in-bootstrap.patch diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch new file mode 100644 index 000000000..edb52431f --- /dev/null +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch @@ -0,0 +1,39 @@ +From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Mon, 2 Apr 2018 16:13:31 -0400 +Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $ + +Escape special characters when executing the keystone-manage bootstrap +command since the keystone CLI argparse will parse "Madawa$ka1" as +"Madawa" which will cause the Keystone ADMIN acct to be created with an +incorrect password. Puppet will detect this and attempt to course +correct by sending an UPDATE User request to Keystone, which does set +the right password but causes other failures in config_controller +--- + manifests/init.pp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/manifests/init.pp b/manifests/init.pp +index d64638c..89af303 100644 +--- a/manifests/init.pp ++++ b/manifests/init.pp +@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server") + } + + if $enable_bootstrap { ++ #(NOTE: knasim-wrs): escape special characters in the password otherwise the ++ # keyword-manage bootstrap CLI may parse the password incorrectly, causing ++ # the admin account to be created with an incorrect password ++ $admin_password_escaped = shell_escape($admin_password_real) ++ + # this requires the database to be up and running and configured + # and is only run once, so we don't need to notify the service + exec { 'keystone-manage bootstrap': +- command => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}", ++ command => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}", + user => $keystone_user, + path => '/usr/bin', + refreshonly => true, +-- +1.8.3.1 +