[openstack-dev] Keystone sample_data.sh bug 1166182 fix request for comments

Hyerle, Robert hyerle at hp.com
Mon Apr 22 20:59:30 UTC 2013


No, I've not done the patch yet (forthcoming and depending on further comment).

The "gentle reminder" is from the previous version and in the bug report<https://bugs.launchpad.net/keystone/+bug/1166182>:

# Please set these, they are ONLY SAMPLE PASSWORDS!
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
    echo "The default admin password has been detected. Please consider"
    echo "setting an actual password in environment variable ADMIN_PASSWORD"
fi
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
    echo "The default service password has been detected. Please consider"
    echo "setting an actual password in environment variable SERVICE_PASSWORD"
fi

From: Dolph Mathews [mailto:dolph.mathews at gmail.com]
Sent: Monday, April 22, 2013 10:11 AM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] Keystone sample_data.sh bug 1166182 fix request for comments

Sounds good, is there a patch up somewhere? If there is, it's not linked to launchpad.

Is this not the "gentle suggestion" you are referring to? https://github.com/openstack/keystone/blob/master/tools/sample_data.sh#L66


-Dolph

On Sun, Apr 21, 2013 at 10:09 AM, Hyerle, Robert <hyerle at hp.com<mailto:hyerle at hp.com>> wrote:
I've taken https://bugs.launchpad.net/keystone/+bug/1166182, and the proposed fix in the bug report seems quite reasonable: returns script<https://github.com/openstack/keystone/blob/master/tools/sample_data.sh> to functionality from previous versions (and before application of https://bugs.launchpad.net/keystone/+bug/1073291) allowing environment variables to override the admin password used as an example in the install and deploy docs<http://docs.openstack.org/trunk/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles-manually.html>. The fix will not break the work done for 1073291, bringing the script into compliance with the installation docs.

Previous versions of the script provided a gentle suggestion that the default password should be changed in a production environment and the fix to 1073291 removed this warning along with removing the override feature.  I propose adding this warning back, but welcome other suggestions.

-- robert/ranger6

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130422/7142c364/attachment.html>


More information about the OpenStack-dev mailing list