Bug 964005 - keystonerc_admin stored in /root requiring running OpenStack software as root user
keystonerc_admin stored in /root requiring running OpenStack software as root...
Status: CLOSED CURRENTRELEASE
Product: RDO
Classification: Community
Component: openstack-packstack (Show other bugs)
unspecified
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Martin Magr
yeylon@redhat.com
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-16 22:53 EDT by Steven Dake
Modified: 2016-04-26 23:39 EDT (History)
5 users (show)

See Also:
Fixed In Version: openstack-packstack-2013.2.1-0.11.dev806.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-30 19:04:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 48473 None None None Never

  None (edit)
Description Steven Dake 2013-05-16 22:53:18 EDT
Description of problem:
The keystonerc_admin tool is stored in /root by packstack.  This requires running OpenStack software as the root user.  Further, it isn't possible to use the default ssh keys to create keys via nova
eg:
nova keypair-add --pub_key ~/.ssh/id_rsa.pub sdake_key
doesn't work.

Version-Release number of selected component (if applicable):
openstack-packstack-2013.1.1-0.5.dev538.el6.noarch.rpm   

How reproducible:
100%

Steps to Reproduce:
1. run packstack --allinone as specified in the quickstart guide on the RDO site
2. in order to use openstack, must run as root, eg sudo -i
3.
  
Actual results:
OpenStack services (like the nova command line) must be run as root.

Expected results:
OpenStack services should be runnable as the user that installed packstack.

Additional info:
One simple workaround is to copy the credentials eg:
[sdake@rhel64-packstack home]$ sudo cp /root/keystonerc_admin .

Note the /home directories on RHEL6.4 default to 700 so, at least in the
RHEL case, it should be secure to just store the packstack credentials
in the user directory that originated the packstack --allinone
operation.  Not all distributions behave in this way however.

This is a problem because packstack creates an ssh keypair in the user's
directory that installed OpenStack rather then /root - so adding a
keypair using the installer's key doesn't work and root users should not
be running OpenStack services.

Note You need to log in before you can comment on or make changes to this bug.