Description of problem: I used `nova set-password` to set root password. Password has been set for root user, I could login with the root user with that password. But when I try to execute `nova get-password`, It always returns a blank like. I have attached the debug output of following commands: # nova --debug set-password rhel2 # nova --debug get-password rhel2 # nova --debug get-password rhel2 my_key.pem Version-Release number of selected component (if applicable): Red Hat Openstack Platform 10 (Packstack Environment) How reproducible: Always
Created attachment 1391843 [details] Nova commands debug output
Hello, It turns out that this issue is reproducible at least in OSP10 and OSP11 environments. The picture is the same everywhere: - it is possible to change root password with ``nova set-password INSTANCE_UUID`` command - it is impossible to get updated password. I have checked different articles on the internet and it seems that they are outdated: - adminPass is not stored in DB anymore; - adminPass is not printed in the instance's logs; - SELinux no longer affects this feature; - there is no openstack analogs. It turns out that for some reason nova doesn't change admin password that is stored in metadata service during password update procedure anymore. But if you update this password manually, you will be able to get the password with ``nova get-password INSTANCE_UUID`` command. Please check the following output (I have used VM to change password in metadata service): [root@stup-test1 ~]# curl -s http://169.254.169.254/openstack/latest/password [root@stup-test1 ~]# [root@stup-test1 ~]# PASSWORD='123456'; curl -X POST http://169.254.169.254/openstack/latest/password -d $PASSWORD || true [root@stup-test1 ~]# [root@stup-test1 ~]# curl -s http://169.254.169.254/openstack/latest/password 123456[root@stup-test1 ~]# Result: [stack@undercloud-0 ~]$ nova get-password 6c923057-fd5c-4daa-ba63-7b7bd1eeb25d 123456
Created attachment 1393424 [details] Nova logs from controller and nova config file
Thanks for all the detailed info. We had a look through the code and it looks like setting of the password in the metadata service for the libvirt driver is missing and has never been implemented (unlike the xen driver, which *does* set the password in the metadata service). So, we need to fix that for the libvirt driver.
It looks like patch was merged in upstream master and was backported to upstream queens and pike releases.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1595