Merge "Update puppet-keystone to handle $ in admin password"

This commit is contained in:
Zuul 2018-06-27 20:40:59 +00:00 committed by Gerrit Code Review
commit e51e090e1e
4 changed files with 74 additions and 1 deletions

View File

@ -1 +1 @@
TIS_PATCH_VER=5 TIS_PATCH_VER=6

View File

@ -0,0 +1,33 @@
From f3282651cd75697bbf7be3a07c1093c03964b5e1 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Mon, 2 Apr 2018 16:20:52 -0400
Subject: [PATCH] meta patch for
0004-escape-special-characters-in-bootstrap.patch
---
SPECS/puppet-keystone.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/puppet-keystone.spec b/SPECS/puppet-keystone.spec
index 36cf461..301002a 100644
--- a/SPECS/puppet-keystone.spec
+++ b/SPECS/puppet-keystone.spec
@@ -13,6 +13,7 @@ Source0: https://tarballs.openstack.org/%{name}/%{name}-%{upstream_versio
Patch0001: 0001-pike-rebase-squash-titanium-patches.patch
Patch0002: 0002-remove-the-Keystone-admin-app.patch
Patch0003: 0003-remove-eventlet_bindhost-from-Keystoneconf.patch
+Patch0004: 0004-escape-special-characters-in-bootstrap.patch
BuildArch: noarch
@@ -33,6 +34,7 @@ Puppet module for OpenStack Keystone
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
+%patch0004 -p1
find . -type f -name ".*" -exec rm {} +
find . -size 0 -exec rm {} +
--
1.8.3.1

View File

@ -2,3 +2,4 @@
0002-squash-titanium-patches.patch 0002-squash-titanium-patches.patch
0003-remove-the-keystone-admin-app.patch 0003-remove-the-keystone-admin-app.patch
0004-remove-eventlet_and_bindhost-from-keystoneconf.patch 0004-remove-eventlet_and_bindhost-from-keystoneconf.patch
0005-escape-special-characters-in-bootstrap.patch

View File

@ -0,0 +1,39 @@
From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Mon, 2 Apr 2018 16:13:31 -0400
Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $
Escape special characters when executing the keystone-manage bootstrap
command since the keystone CLI argparse will parse "Madawa$ka1" as
"Madawa" which will cause the Keystone ADMIN acct to be created with an
incorrect password. Puppet will detect this and attempt to course
correct by sending an UPDATE User request to Keystone, which does set
the right password but causes other failures in config_controller
---
manifests/init.pp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index d64638c..89af303 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server")
}
if $enable_bootstrap {
+ #(NOTE: knasim-wrs): escape special characters in the password otherwise the
+ # keyword-manage bootstrap CLI may parse the password incorrectly, causing
+ # the admin account to be created with an incorrect password
+ $admin_password_escaped = shell_escape($admin_password_real)
+
# this requires the database to be up and running and configured
# and is only run once, so we don't need to notify the service
exec { 'keystone-manage bootstrap':
- command => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}",
+ command => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}",
user => $keystone_user,
path => '/usr/bin',
refreshonly => true,
--
1.8.3.1