911459 – Relying on a file in /tmp for storing and retrieving authtoken is not reliable.

Bug 911459 - Relying on a file in /tmp for storing and retrieving authtoken is not reliable.

Summary: Relying on a file in /tmp for storing and retrieving authtoken is not reliable.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	doc-Getting_Started_Guide
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	2.1
Assignee:	Stephen Gordon
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	955775 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-15 05:02 UTC by Bruce Reeler
Modified:	2014-10-30 22:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:	Red_Hat_OpenStack-Getting_Started_Guide-2-en-US-1.0-31.el6eng
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-28 14:42:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Bruce Reeler 2013-02-15 05:02:00 UTC

Extracted this into a new bug from BZ876763.
This may no longer be a bug, because Sunil T tried the changed instructions and they did not work, so I have replaced getting the password from a file, e.g.
 $ sudo openstack-config --set /etc/glance/glance-api.conf \
       keystone_authtoken admin_password $(cat /tmp/ks_admin_token)

with a directly enterd password, e.g. 
 $ sudo openstack-config --set /etc/glance/glance-api.conf \
   keystone_authtoken admin_password secret

Description of problem:

But for completeness, here is Steve G's suggestion, Comment 5 in BZ876763:
Looking at these [instructions] it also looks like we're very reliant on the fact that:
a) The user read and followed the directions for configuring Keystone first (reasonable).
b) The file in /tmp they created in that procedure is still around (not so reasonable).

I think it would be preferable to, in each procedure where it is required, add a step advising the user to retrieve the token from /etc/keystone/keystone.conf.

Unfortunately openstack-config doesn't provide a --get option so it looks like the only way to do this at the moment is manually.

$ grep "admin_token = " /etc/keystone/keystone.conf 
# admin_token = ADMIN
admin_token = 06c09b8b1f874cb88ffa3194ef40adec

Version-Release number of selected component (if applicable):
2.0

Comment 3 Stephen Gordon 2013-04-16 19:10:03 UTC

commit f4c1c7536e7d82e9ab4cf9632a7488b2ebeffbd9
Author: Stephen Gordon <sgordon>
Date:   Tue Apr 16 15:06:49 2013 -0400

    BZ#911459 - Cleaned up unnecessary usage of /tmp/
    
    Multiple instances where /tmp/ was being unnecessarily or
    insecurely removed/modified. Additionally packstack log location
    updated to match location where log is actually stored.
    
    Change-Id: Ib0fc7e37a0b94044da51a105870918a3dc37dc78

Comment 4 Kurt Seifried 2013-04-23 19:08:37 UTC

*** Bug 955775 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.