*********************** Description of problem: *********************** password_expire option in keystone.conf works on the undercloud and not on the overcloud. A bug has been opened upstream - https://bugs.launchpad.net/keystone/+bug/1715684 ************************************************************* Version-Release number of selected component (if applicable): ************************************************************* openstack-keystone.noarch 1:12.0.1-0.20170830123737.6a67918.el7ost puppet-keystone.noarch 11.3.1-0.20170829134651.131b8d8.el7ost python-keystone.noarch 1:12.0.1-0.20170830123737.6a67918.el7ost python-keystoneauth1.noarch 3.1.0-0.20170811112938.81363ec.el7ost python-keystoneclient.noarch 1:3.13.0-0.20170811140641.a8de72a.el7ost python-keystonemiddleware.noarch 4.17.0-0.20170821160714.4a72cd6.el7ost ***************** How reproducible: ***************** Always ******************* Steps to Reproduce: ******************* Set password_regex to the pattern below (Note that this pattern is from the note section in keystone.conf above 'password_regex' - pattern for at least 1 letter, 1 digit, and have a minimum length of 7 characters) 1) $ sudo grep "password_regex" /etc/keystone/keystone.conf password_regex = ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ 2) Restart httpd $ sudo service httpd restart 3) $ openstack user create --password-prompt panbalag User Password:a Repeat User Password:a +----------+----------------------------------+ | Field | Value | +----------+----------------------------------+ | email | None | | enabled | True | | id | 12665ec14f73478fa7acc74271f119bd | | name | panbalag | | options | {} | | username | panbalag | +----------+----------------------------------+ *************** Actual results: *************** User created successfully ***************** Expected results: ***************** "The password does not match the requirements: None. (HTTP 400)"
Works as expected after changing the keystone.conf file in the correct location (as it is a containerized deployment) (overcloud) [heat-admin@controller-0 ~]$ openstack user create --project members --password-prompt user3 User Password: Repeat User Password: The passwords entered were not the same User Password: Repeat User Password: The password does not match the requirements: None. (HTTP 400) (Request-ID: req-8ee9bf87-76ef-4788-b6af-5dbba53e43a8)