diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data index 024e3e138..8429863c3 100644 --- a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch new file mode 100644 index 000000000..a2cc29b5b --- /dev/null +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch @@ -0,0 +1,33 @@ +From f3282651cd75697bbf7be3a07c1093c03964b5e1 Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Mon, 2 Apr 2018 16:20:52 -0400 +Subject: [PATCH] meta patch for + 0004-escape-special-characters-in-bootstrap.patch + +--- + SPECS/puppet-keystone.spec | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/SPECS/puppet-keystone.spec b/SPECS/puppet-keystone.spec +index 36cf461..301002a 100644 +--- a/SPECS/puppet-keystone.spec ++++ b/SPECS/puppet-keystone.spec +@@ -13,6 +13,7 @@ Source0: https://tarballs.openstack.org/%{name}/%{name}-%{upstream_versio + Patch0001: 0001-pike-rebase-squash-titanium-patches.patch + Patch0002: 0002-remove-the-Keystone-admin-app.patch + Patch0003: 0003-remove-eventlet_bindhost-from-Keystoneconf.patch ++Patch0004: 0004-escape-special-characters-in-bootstrap.patch + + BuildArch: noarch + +@@ -33,6 +34,7 @@ Puppet module for OpenStack Keystone + %patch0001 -p1 + %patch0002 -p1 + %patch0003 -p1 ++%patch0004 -p1 + + find . -type f -name ".*" -exec rm {} + + find . -size 0 -exec rm {} + +-- +1.8.3.1 + diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER index 631c6da41..10c69992f 100644 --- a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER @@ -2,3 +2,4 @@ 0002-squash-titanium-patches.patch 0003-remove-the-keystone-admin-app.patch 0004-remove-eventlet_and_bindhost-from-keystoneconf.patch +0005-escape-special-characters-in-bootstrap.patch diff --git a/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch new file mode 100644 index 000000000..edb52431f --- /dev/null +++ b/devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch @@ -0,0 +1,39 @@ +From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Mon, 2 Apr 2018 16:13:31 -0400 +Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $ + +Escape special characters when executing the keystone-manage bootstrap +command since the keystone CLI argparse will parse "Madawa$ka1" as +"Madawa" which will cause the Keystone ADMIN acct to be created with an +incorrect password. Puppet will detect this and attempt to course +correct by sending an UPDATE User request to Keystone, which does set +the right password but causes other failures in config_controller +--- + manifests/init.pp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/manifests/init.pp b/manifests/init.pp +index d64638c..89af303 100644 +--- a/manifests/init.pp ++++ b/manifests/init.pp +@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server") + } + + if $enable_bootstrap { ++ #(NOTE: knasim-wrs): escape special characters in the password otherwise the ++ # keyword-manage bootstrap CLI may parse the password incorrectly, causing ++ # the admin account to be created with an incorrect password ++ $admin_password_escaped = shell_escape($admin_password_real) ++ + # this requires the database to be up and running and configured + # and is only run once, so we don't need to notify the service + exec { 'keystone-manage bootstrap': +- command => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}", ++ command => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}", + user => $keystone_user, + path => '/usr/bin', + refreshonly => true, +-- +1.8.3.1 +