Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 911459

Summary: Relying on a file in /tmp for storing and retrieving authtoken is not reliable.
Product: Red Hat OpenStack Reporter: Bruce Reeler <breeler>
Component: doc-Getting_Started_GuideAssignee: Stephen Gordon <sgordon>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: high Docs Contact:
Priority: high    
Version: 2.1CC: breeler, kseifried, rlandman, sgordon
Target Milestone: ---Keywords: Documentation, Triaged
Target Release: 2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Red_Hat_OpenStack-Getting_Started_Guide-2-en-US-1.0-31.el6eng Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-28 14:42:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bruce Reeler 2013-02-15 05:02:00 UTC 
Extracted this into a new bug from BZ876763.
This may no longer be a bug, because Sunil T tried the changed instructions and they did not work, so I have replaced getting the password from a file, e.g.
 $ sudo openstack-config --set /etc/glance/glance-api.conf \
       keystone_authtoken admin_password $(cat /tmp/ks_admin_token)

with a directly enterd password, e.g. 
 $ sudo openstack-config --set /etc/glance/glance-api.conf \
   keystone_authtoken admin_password secret

Description of problem:

But for completeness, here is Steve G's suggestion, Comment 5 in BZ876763:
Looking at these [instructions] it also looks like we're very reliant on the fact that:
a) The user read and followed the directions for configuring Keystone first (reasonable).
b) The file in /tmp they created in that procedure is still around (not so reasonable).

I think it would be preferable to, in each procedure where it is required, add a step advising the user to retrieve the token from /etc/keystone/keystone.conf.

Unfortunately openstack-config doesn't provide a --get option so it looks like the only way to do this at the moment is manually.

$ grep "admin_token = " /etc/keystone/keystone.conf 
# admin_token = ADMIN
admin_token = 06c09b8b1f874cb88ffa3194ef40adec

Version-Release number of selected component (if applicable):
2.0
Comment 3 Stephen Gordon 2013-04-16 19:10:03 UTC 
commit f4c1c7536e7d82e9ab4cf9632a7488b2ebeffbd9
Author: Stephen Gordon <sgordon>
Date:   Tue Apr 16 15:06:49 2013 -0400

    BZ#911459 - Cleaned up unnecessary usage of /tmp/
    
    Multiple instances where /tmp/ was being unnecessarily or
    insecurely removed/modified. Additionally packstack log location
    updated to match location where log is actually stored.
    
    Change-Id: Ib0fc7e37a0b94044da51a105870918a3dc37dc78
Comment 4 Kurt Seifried 2013-04-23 19:08:37 UTC 
*** Bug 955775 has been marked as a duplicate of this bug. ***