Red Hat Bugzilla – Bug 964005
keystonerc_admin stored in /root requiring running OpenStack software as root user
Last modified: 2016-04-26 23:39:28 EDT
Description of problem:
The keystonerc_admin tool is stored in /root by packstack. This requires running OpenStack software as the root user. Further, it isn't possible to use the default ssh keys to create keys via nova
nova keypair-add --pub_key ~/.ssh/id_rsa.pub sdake_key
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run packstack --allinone as specified in the quickstart guide on the RDO site
2. in order to use openstack, must run as root, eg sudo -i
OpenStack services (like the nova command line) must be run as root.
OpenStack services should be runnable as the user that installed packstack.
One simple workaround is to copy the credentials eg:
[sdake@rhel64-packstack home]$ sudo cp /root/keystonerc_admin .
Note the /home directories on RHEL6.4 default to 700 so, at least in the
RHEL case, it should be secure to just store the packstack credentials
in the user directory that originated the packstack --allinone
operation. Not all distributions behave in this way however.
This is a problem because packstack creates an ssh keypair in the user's
directory that installed OpenStack rather then /root - so adding a
keypair using the installer's key doesn't work and root users should not
be running OpenStack services.