yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1758359] [NEW] nova set-password fails if password already set

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Remy van Elst <1758359@xxxxxxxxxxxxxxxxxx>
Date: Fri, 23 Mar 2018 15:02:42 -0000
Reply-to: Bug 1758359 <1758359@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

If the nova password has been set, trying to set it again (with the
purpose of re-setting the password) fails. Both the nova set-password
command (couldn't find the counterpart in the openstack server help) as
posting the password from inside the instance.

This code seems to not have a retry, if the password is set it returns
an error

        if meta_data.password:
            raise exc.HTTPConflict()

https://github.com/openstack/nova/blob/master/nova/api/metadata/password.py#L65

I'm running libvirt with KVM/qemu on Ocata. This bug is not related:
https://bugs.launchpad.net/nova/+bug/1757061, that is the effect that
happens after a password set fails.

Could this be changed to allow password changing/resetting if a password
has already been set? For example by accepting an HTTP DELETE request or
allowing an empty password to trigger the reset? ('')

The api does have such an endpoint but it's admin-only by default:
https://developer.openstack.org/api-ref/compute/#clear-admin-password

** Affects: nova
     Importance: Undecided
         Status: New

** Description changed:

  If the nova password has been set, trying to set it again (with the
- purpose of re-setting the password) fails.
+ purpose of re-setting the password) fails. Both the nova set-password
+ command (couldn't find the counterpart in the openstack server help) as
+ posting the password from inside the instance.
  
  This code seems to not have a retry, if the password is set it returns
  an error
  
-         if meta_data.password:
-             raise exc.HTTPConflict()
+         if meta_data.password:
+             raise exc.HTTPConflict()
  
  https://github.com/openstack/nova/blob/master/nova/api/metadata/password.py#L65
  
  I'm running libvirt with KVM/qemu on Ocata. This bug is not related:
  https://bugs.launchpad.net/nova/+bug/1757061, that is the effect that
  happens after a password set fails.
  
  Could this be changed to allow password changing/resetting if a password
  has already been set? For example by accepting an HTTP DELETE request or
  allowing an empty password to trigger the reset? ('')

** Description changed:

  If the nova password has been set, trying to set it again (with the
  purpose of re-setting the password) fails. Both the nova set-password
  command (couldn't find the counterpart in the openstack server help) as
  posting the password from inside the instance.
  
  This code seems to not have a retry, if the password is set it returns
  an error
  
          if meta_data.password:
              raise exc.HTTPConflict()
  
  https://github.com/openstack/nova/blob/master/nova/api/metadata/password.py#L65
  
  I'm running libvirt with KVM/qemu on Ocata. This bug is not related:
  https://bugs.launchpad.net/nova/+bug/1757061, that is the effect that
  happens after a password set fails.
  
  Could this be changed to allow password changing/resetting if a password
  has already been set? For example by accepting an HTTP DELETE request or
  allowing an empty password to trigger the reset? ('')
+ 
+ The api does have such an endpoint but it's admin-only by default:
+ https://developer.openstack.org/api-ref/compute/#clear-admin-password

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1758359

Title:
  nova set-password fails if password already set

Status in OpenStack Compute (nova):
  New

Bug description:
  If the nova password has been set, trying to set it again (with the
  purpose of re-setting the password) fails. Both the nova set-password
  command (couldn't find the counterpart in the openstack server help)
  as posting the password from inside the instance.

  This code seems to not have a retry, if the password is set it returns
  an error

          if meta_data.password:
              raise exc.HTTPConflict()

  https://github.com/openstack/nova/blob/master/nova/api/metadata/password.py#L65

  I'm running libvirt with KVM/qemu on Ocata. This bug is not related:
  https://bugs.launchpad.net/nova/+bug/1757061, that is the effect that
  happens after a password set fails.

  Could this be changed to allow password changing/resetting if a
  password has already been set? For example by accepting an HTTP DELETE
  request or allowing an empty password to trigger the reset? ('')

  The api does have such an endpoint but it's admin-only by default:
  https://developer.openstack.org/api-ref/compute/#clear-admin-password

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1758359/+subscriptions
Follow ups

[Bug 1758359] Re: nova set-password fails if password already set
From: Matt Riedemann, 2018-03-27