Bug 1542342
| Summary: | [OSP 10] nova get-password returns blank line | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Rahul Chincholkar <rchincho> | ||||||
| Component: | openstack-nova | Assignee: | melanie witt <mwitt> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Archit Modi <amodi> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 10.0 (Newton) | CC: | amodi, astupnik, berrange, dasmith, eglynn, kchamart, mwitt, pcaruana, sbauza, sferdjao, sgordon, srevivo, vromanso | ||||||
| Target Milestone: | z8 | Keywords: | Triaged, ZStream | ||||||
| Target Release: | 10.0 (Newton) | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | openstack-nova-14.1.0-16.el7 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 1558701 1558706 1558707 1561762 (view as bug list) | Environment: | |||||||
| Last Closed: | 2018-05-17 15:33:13 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1558701, 1558706, 1561762 | ||||||||
| Attachments: |
|
||||||||
|
Description
Rahul Chincholkar
2018-02-06 06:27:53 UTC
Created attachment 1391843 [details]
Nova commands debug output
Hello, It turns out that this issue is reproducible at least in OSP10 and OSP11 environments. The picture is the same everywhere: - it is possible to change root password with ``nova set-password INSTANCE_UUID`` command - it is impossible to get updated password. I have checked different articles on the internet and it seems that they are outdated: - adminPass is not stored in DB anymore; - adminPass is not printed in the instance's logs; - SELinux no longer affects this feature; - there is no openstack analogs. It turns out that for some reason nova doesn't change admin password that is stored in metadata service during password update procedure anymore. But if you update this password manually, you will be able to get the password with ``nova get-password INSTANCE_UUID`` command. Please check the following output (I have used VM to change password in metadata service): [root@stup-test1 ~]# curl -s http://169.254.169.254/openstack/latest/password [root@stup-test1 ~]# [root@stup-test1 ~]# PASSWORD='123456'; curl -X POST http://169.254.169.254/openstack/latest/password -d $PASSWORD || true [root@stup-test1 ~]# [root@stup-test1 ~]# curl -s http://169.254.169.254/openstack/latest/password 123456[root@stup-test1 ~]# Result: [stack@undercloud-0 ~]$ nova get-password 6c923057-fd5c-4daa-ba63-7b7bd1eeb25d 123456 Created attachment 1393424 [details]
Nova logs from controller and nova config file
Thanks for all the detailed info. We had a look through the code and it looks like setting of the password in the metadata service for the libvirt driver is missing and has never been implemented (unlike the xen driver, which *does* set the password in the metadata service). So, we need to fix that for the libvirt driver. It looks like patch was merged in upstream master and was backported to upstream queens and pike releases. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1595 |