yahoo-eng-team team mailing list archive

[Morgan Fainberg <morgan.fainberg@xxxxxxxxx>]

Mitaka is EOL

** Changed in: keystone/mitaka
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1588860

Title:
  keystone-manage bootstrap cannot recover admin account

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) mitaka series:
  Fix Released

Bug description:
  The keystone-manage bootstrap command is intended to supersede the
  admin_token middleware. However, one of the common use cases for the
  admin_token middleware was to provide a recovery mechanism for cloud
  operators that had accidentally disabled themselves or lost their
  password.

  However, even after attempting to "re-bootstrap" an existing admin
  with a known password (effectively performing a password reset), the
  admin is still not able to authenticate. The same is true if the admin
  was disabled.

  This was originally reported in #openstack-ansible by odyssey4me:

  [Fri 09:29] <odyssey4me> dolphm lbragstad is keystone-manage bootstrap meant to skip the bootstrap if there are already settings in place? what is the right way to fix up creds that are lost somehow for the keystone admin?
  [Fri 09:30] <dolphm> odyssey4me: bootstrap should be idempotent, but i don't think it'll change an admin's password if you specify something different
  [Fri 09:31] <odyssey4me> dolphm so the options are, I guess, to delete the admin account in the db or to use the auth_token middleware?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1588860/+subscriptions