Bug 964005

Summary: keystonerc_admin stored in /root requiring running OpenStack software as root user
Product: [Community] RDO Reporter: Steven Dake <sdake>
Component: openstack-packstackAssignee: Martin Magr <mmagr>
Status: CLOSED CURRENTRELEASE QA Contact: yeylon <yeylon>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: aortega, bsettle, derekh, mmagr, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-packstack-2013.2.1-0.11.dev806.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-30 23:04:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Dake 2013-05-17 02:53:18 UTC 
Description of problem:
The keystonerc_admin tool is stored in /root by packstack.  This requires running OpenStack software as the root user.  Further, it isn't possible to use the default ssh keys to create keys via nova
eg:
nova keypair-add --pub_key ~/.ssh/id_rsa.pub sdake_key
doesn't work.

Version-Release number of selected component (if applicable):
openstack-packstack-2013.1.1-0.5.dev538.el6.noarch.rpm   

How reproducible:
100%

Steps to Reproduce:
1. run packstack --allinone as specified in the quickstart guide on the RDO site
2. in order to use openstack, must run as root, eg sudo -i
3.
  
Actual results:
OpenStack services (like the nova command line) must be run as root.

Expected results:
OpenStack services should be runnable as the user that installed packstack.

Additional info:
One simple workaround is to copy the credentials eg:
[sdake@rhel64-packstack home]$ sudo cp /root/keystonerc_admin .

Note the /home directories on RHEL6.4 default to 700 so, at least in the
RHEL case, it should be secure to just store the packstack credentials
in the user directory that originated the packstack --allinone
operation.  Not all distributions behave in this way however.

This is a problem because packstack creates an ssh keypair in the user's
directory that installed OpenStack rather then /root - so adding a
keypair using the installer's key doesn't work and root users should not
be running OpenStack services.