Bug 1028619

Summary: Neutron Networker host group inherits admin_password from params.pp instead of password generated in FOreman
Product: Red Hat OpenStack Reporter: jliberma <jliberma>
Component: openstack-foreman-installerAssignee: Crag Wolfe <cwolfe>
Status: CLOSED ERRATA QA Contact: Ofer Blaut <oblaut>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.0CC: bholden, breeler, cwolfe, hateya, jguiditt, mlopes, morazi, rhos-maint, yeylon
Target Milestone: rcKeywords: OtherQA
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-foreman-installer-0.0.23-1.el6ost Doc Type: Bug Fix
Doc Text:
Previously, the Networking QuickStack manifest did not parameterise the Networking user password. As a result, a value from QuickStack's params.pp was configured in 'neutron.conf'. With this fix, the Neutron Networker manifest includes a '$neutron_user_password' parameter that can be overridden in the Neutron Networker Host Group. The Networking user password is now configurable in the Neutron Networker Host Group, and subsequently written to 'neutron.conf' on a Neutron Networker node.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-20 00:34:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jliberma@redhat.com 2013-11-08 21:27:29 UTC 
Description of problem: Foreman deployed Neutron Networker host group does not use correct neutron admin password in /etc/neutron/neutron.conf. The Controller and Compute host groups use correct password. This host group inherits CHANGEME from params.pp. This causes nova boot commands to fail as instances cannot attach to network.

Version-Release number of selected component (if applicable):
10-28.2 openstack release
openstack-foreman-installer-0.0.21-1

How reproducible:
Every time

Steps to Reproduce:
1. Install Foreman installer
2. Install Neutron Controller node
3. Install Neutron Networker node
4. Install Neutron Compute node(s)
5. Compare admin_passwd in /etc/neutron/neutron.conf on all nodes.

Actual results:
admin_password = CHANGEME on networker

Expected results:
admin_password = same as compute and controller

Additional info:
I get Neutron client authentication errors when I attempt to launch an instance but correcting this password and restarting the services does not resolve it.
Comment 2 Crag Wolfe 2013-11-27 08:37:41 UTC 
This should get fixed with https://github.com/redhat-openstack/astapor/pull/59 .  To test, I overrode the neutron_user_password parameter in the neutron controller, compute and networker host groups, then spot checked that /etc/neutron/neutron.conf were consistent across the three associated host, e.g.:

$ grep admin_ /etc/neutron/neutron.conf
# admin_tenant_name = %SERVICE_TENANT_NAME%
admin_tenant_name = services
# admin_user = %SERVICE_USER%
admin_user = neutron
# admin_password = %SERVICE_PASSWORD%
admin_password = realdeal

Also relevant: the already merged https://github.com/redhat-openstack/astapor/pull/53 .  Between the 2 PR's, we are handling neutron_config (/etc/neutron/neutron.con) exactly the same for the compute.pp and networker.pp manifests.
Comment 7 errata-xmlrpc 2013-12-20 00:34:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html