)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"14a7d0b0580fc1bf13fee47bf9a6af8d9dbaa147","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"bc2a8794_45771e78","updated":"2023-12-12 16:00:50.000000000","message":"LGTM but I would like to improve the wording in the reno a bit, as I personally found it confusing. I added an example which might be a little more clear.","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"2e5090a3467b5ed1bad4047455a87d235312fee7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"8a2c5b81_b3bb5c18","updated":"2023-12-13 11:52:06.000000000","message":"thanks for updating the release notes, it\u0027s much more clear to me now!\nonly a few minor whitespace issues where found, almost there.","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"5152924e52a34815bda61b8b1ce724c9be7638e8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"326abada_11560a74","updated":"2024-01-30 09:02:15.000000000","message":"thx","commit_id":"ffd6e3bf329f59318317fba624bc7b1a88f3f7bb"}],"ansible/roles/magnum/defaults/main.yml":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"6ad7fc19dcd668824784822aaa60d8a0699b0b0a","unresolved":true,"context_lines":[{"line_number":147,"context_line":"# Whether or not to update the magnum keystone user password."},{"line_number":148,"context_line":"# \u0027on_create\u0027 will only set the password for newly created users."},{"line_number":149,"context_line":"# \u0027always\u0027 will re-apply the password from passwords.yml on every invocation."},{"line_number":150,"context_line":"magnum_update_keystone_password: \"always\""},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"openstack_magnum_auth: \"{{ openstack_auth }}\""},{"line_number":153,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"faee01c1_37af5fad","line":150,"updated":"2023-12-22 11:55:53.000000000","message":"I don\u0027t really know how magnum works, but it seems strange that we need a special case just for this tiny usecase. Is there a strong reason that this cannot simply use the global variable?","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"354b96f56c2d2826c2cb573fd7a34ebe36fa22ca","unresolved":false,"context_lines":[{"line_number":147,"context_line":"# Whether or not to update the magnum keystone user password."},{"line_number":148,"context_line":"# \u0027on_create\u0027 will only set the password for newly created users."},{"line_number":149,"context_line":"# \u0027always\u0027 will re-apply the password from passwords.yml on every invocation."},{"line_number":150,"context_line":"magnum_update_keystone_password: \"always\""},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"openstack_magnum_auth: \"{{ openstack_auth }}\""},{"line_number":153,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"c34a794a_3b2c4aae","line":150,"in_reply_to":"faee01c1_37af5fad","updated":"2024-01-03 11:57:57.000000000","message":"Not really any strong reason. I just added the option since it\u0027s managed in a different way and it was easy to do. Looking back on it, I agree it doesn\u0027t fit.\n\nI\u0027ve refactored a bit and made it one variable. I wasn\u0027t 100% sure where to put it since it\u0027s used in two roles so let me know if I need to make any more changes","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"}],"etc/kolla/globals.yml":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"52b3b7e2405a55574d0f40982540817e0a6ada8a","unresolved":true,"context_lines":[{"line_number":521,"context_line":""},{"line_number":522,"context_line":"# Whether or not to apply changes to service user passwords when services are"},{"line_number":523,"context_line":"# reconfigured"},{"line_number":524,"context_line":"#update_keystone_service_user_passwords \"true\""},{"line_number":525,"context_line":""},{"line_number":526,"context_line":"########################"},{"line_number":527,"context_line":"# Glance - Image Options"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"b9be72cb_d7992b52","line":524,"range":{"start_line":524,"start_character":1,"end_line":524,"end_character":39},"updated":"2024-01-26 16:01:39.000000000","message":"Nit: missing \":\"","commit_id":"f23f46c46e5cf0302899125718bcda05c715f1cb"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"6c61c1cc0943c2ea10333437cf7eb0657a4a9dfb","unresolved":false,"context_lines":[{"line_number":521,"context_line":""},{"line_number":522,"context_line":"# Whether or not to apply changes to service user passwords when services are"},{"line_number":523,"context_line":"# reconfigured"},{"line_number":524,"context_line":"#update_keystone_service_user_passwords \"true\""},{"line_number":525,"context_line":""},{"line_number":526,"context_line":"########################"},{"line_number":527,"context_line":"# Glance - Image Options"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"e59ebd5f_3bf2d1b1","line":524,"range":{"start_line":524,"start_character":1,"end_line":524,"end_character":39},"in_reply_to":"b9be72cb_d7992b52","updated":"2024-01-29 15:06:13.000000000","message":"Done","commit_id":"f23f46c46e5cf0302899125718bcda05c715f1cb"}],"releasenotes/notes/update-keystone-passwords-7507119213391652.yaml":[{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"ca2ee292207d82945297b9f1dbb38dcbc8529111","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"62cd05eb_fc32eabf","line":5,"range":{"start_line":5,"start_character":37,"end_line":5,"end_character":77},"updated":"2023-12-08 15:51:28.000000000","message":"Probably want to mention how to disable this behaviour in an upgrade note too.","commit_id":"953a39bf3d21a718f050ae87d49f76d8ea678358"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"b0b56053dc82fface3371e2eb786c64fef3ead6d","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"8bff2d2d_e5ece03c","line":5,"range":{"start_line":5,"start_character":37,"end_line":5,"end_character":77},"in_reply_to":"3972ff7b_f6a17e81","updated":"2023-12-12 09:51:46.000000000","message":"+1 to backporting and adding an upgrade note.","commit_id":"953a39bf3d21a718f050ae87d49f76d8ea678358"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"b5f7ff1d448b382eb8fb7a421f6fa6673ae11222","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"b835bbb1_e58a2ace","line":5,"range":{"start_line":5,"start_character":37,"end_line":5,"end_character":77},"in_reply_to":"62cd05eb_fc32eabf","updated":"2023-12-08 16:13:34.000000000","message":"I\u0027d like to open wider discussion about changing the default value. I think we should change it and backport the change, because I consider the issue to be a bug rather than a missing feature.","commit_id":"953a39bf3d21a718f050ae87d49f76d8ea678358"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"136c14d3a3c806b0b3cf83c4b303662eda2a38c6","unresolved":false,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"054dc7a6_1573c4f6","line":5,"range":{"start_line":5,"start_character":37,"end_line":5,"end_character":77},"in_reply_to":"8bff2d2d_e5ece03c","updated":"2023-12-12 10:23:03.000000000","message":"Done","commit_id":"953a39bf3d21a718f050ae87d49f76d8ea678358"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"65243d6ffae89349b46163979c0333ef0e3cfad0","unresolved":true,"context_lines":[{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3972ff7b_f6a17e81","line":5,"range":{"start_line":5,"start_character":37,"end_line":5,"end_character":77},"in_reply_to":"b835bbb1_e58a2ace","updated":"2023-12-08 16:17:34.000000000","message":"I agree, especially as it\u0027s unlikely someone would be relying on passwords not being able to change before.","commit_id":"953a39bf3d21a718f050ae87d49f76d8ea678358"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"14a7d0b0580fc1bf13fee47bf9a6af8d9dbaa147","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."},{"line_number":8,"context_line":"upgrade:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"f31a28b7_422f5ce3","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":35},"updated":"2023-12-12 16:00:50.000000000","message":"the wording imho is a little bit ambiguous; I first read that as \"passwords will be updated when new passwords are configured\" which is not what is happening.\n\nMaybe it\u0027s just because I\u0027m not a native speaker, but I guess that puts me in the majority of our userbase. :)\n\nafaik something along the following lines would be more clear:\n\n\"Service user passwords will be rotated to new passwords in the keystone database by default, everytime ``kolla-ansible reconfigure`` is run. This can be changed by setting[..]\"\n\nWhat do you think?","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"2e5090a3467b5ed1bad4047455a87d235312fee7","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."},{"line_number":8,"context_line":"upgrade:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"5a146d38_508794c8","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":35},"in_reply_to":"1e1904bb_f7fdac24","updated":"2023-12-13 11:52:06.000000000","message":"Done","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"8b6db1385223a83532f5eb3344d3eb32ae2e7cd6","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":5,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":6,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."},{"line_number":8,"context_line":"upgrade:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"1e1904bb_f7fdac24","line":5,"range":{"start_line":4,"start_character":4,"end_line":5,"end_character":35},"in_reply_to":"f31a28b7_422f5ce3","updated":"2023-12-13 11:39:41.000000000","message":"I see what you mean and I agree, it wasn\u0027t very clear at all. I\u0027ve rewritten the release notes and also updated the comments.\n\nSo to be clear, it will not create new randomised passwords every time.\nAt the moment, if you update a service user password in your config (passwords.yml) and reconfigure services, then that change won\u0027t actually be applied to the user in keystone.\n\nWith this change, it will attempt to re-apply the password every time.\nIf you reconfigure with the same passwords.yml, nothing will change.\nIt\u0027s only if you update something in config e.g. cinder_keystone_password, then with this commit it will properly change the cinder user password in keystone to use the new value.","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"14a7d0b0580fc1bf13fee47bf9a6af8d9dbaa147","unresolved":true,"context_lines":[{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."},{"line_number":8,"context_line":"upgrade:"},{"line_number":9,"context_line":"  - |"},{"line_number":10,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":11,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":12,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":13,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"fa7f566a_1596bee6","line":11,"range":{"start_line":10,"start_character":4,"end_line":11,"end_character":36},"updated":"2023-12-12 16:00:50.000000000","message":"see above","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"2e5090a3467b5ed1bad4047455a87d235312fee7","unresolved":false,"context_lines":[{"line_number":7,"context_line":"    User or the same for ``service_ks_update_password`` for other users."},{"line_number":8,"context_line":"upgrade:"},{"line_number":9,"context_line":"  - |"},{"line_number":10,"context_line":"    Service user passwords will now be updated in keystone if services are"},{"line_number":11,"context_line":"    reconfigured with new passwords. This behaviour can be ignored by setting"},{"line_number":12,"context_line":"    ``magnum_update_keystone_password`` to ``on_create`` for the Magnum Trustee"},{"line_number":13,"context_line":"    User or the same for ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":2,"id":"4ddad7d2_8e383195","line":11,"range":{"start_line":10,"start_character":4,"end_line":11,"end_character":36},"in_reply_to":"fa7f566a_1596bee6","updated":"2023-12-13 11:52:06.000000000","message":"Done","commit_id":"e901ae1ababe3fa28f31c6892daf60280136c355"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"2e5090a3467b5ed1bad4047455a87d235312fee7","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":"    "},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"8a0c1114_c8836a65","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":4},"updated":"2023-12-13 11:52:06.000000000","message":"whitespace issue","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"2cea1a3690d95fe37ee768c0dfe86d141d814fa3","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":"    "},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"2b884e08_60a42b80","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":4},"in_reply_to":"8a0c1114_c8836a65","updated":"2023-12-13 12:02:03.000000000","message":"Done","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"18a7e78317c5ef1eaa6624a5b53f3699fdfeeb16","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":"    "},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"2e46db97_d8ab9915","line":6,"range":{"start_line":6,"start_character":0,"end_line":6,"end_character":4},"in_reply_to":"8a0c1114_c8836a65","updated":"2023-12-13 12:01:43.000000000","message":"Done","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"2e5090a3467b5ed1bad4047455a87d235312fee7","unresolved":true,"context_lines":[{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":13,"context_line":"    when reconfiguring services."},{"line_number":14,"context_line":"    "},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"07d36f52_1b3546f2","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":4},"updated":"2023-12-13 11:52:06.000000000","message":"whitespace issue","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"18a7e78317c5ef1eaa6624a5b53f3699fdfeeb16","unresolved":false,"context_lines":[{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":13,"context_line":"    when reconfiguring services."},{"line_number":14,"context_line":"    "},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"0124ec03_aecfd9af","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":4},"in_reply_to":"07d36f52_1b3546f2","updated":"2023-12-13 12:01:43.000000000","message":"Done","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"2cea1a3690d95fe37ee768c0dfe86d141d814fa3","unresolved":false,"context_lines":[{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":13,"context_line":"    when reconfiguring services."},{"line_number":14,"context_line":"    "},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":3,"id":"06403ef4_325a0688","line":14,"range":{"start_line":14,"start_character":0,"end_line":14,"end_character":4},"in_reply_to":"07d36f52_1b3546f2","updated":"2023-12-13 12:02:03.000000000","message":"Done","commit_id":"92ca97a2070fbcc6f66540b459d1a009ccbd8c20"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"6ad7fc19dcd668824784822aaa60d8a0699b0b0a","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"b966d933_4f641494","line":4,"updated":"2023-12-22 11:55:53.000000000","message":"This is a bit misleading I think, what this patch does is change the actual live password in keystone for the affected account. A change in passwords.yml would still have been applied to any config file where it is being referenced, leading to broken authentication, right? It might be helpful to be more verbose about this.","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4ae5e2c80e499b477acd8bd1b70610163dfb3d61","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"d39a7b8e_52568f65","line":4,"in_reply_to":"b966d933_4f641494","updated":"2023-12-22 12:45:50.000000000","message":"\u003e A change in passwords.yml would still have been applied to any config file where it is being referenced, leading to broken authentication, right? \n\nI don\u0027t quite understand this. Do you mean that auth is broken if the old unchanged password is referenced in configuration files that are not part of the k-a deployment?\n\nwouldn\u0027t that either be a bug in k-a or out of scope?\n\nWe could add a line with regards to that: \"If you have configured these credentials elsewhere outside of k-a, make sure to update these as well\".\n\nBut I\u0027m not sure if you are referring to that. I can\u0027t think of any other case where auth is broken though? If you change the passwords.yml and then reconfigure all passwords are updated, once for the live service and second on disk in the config files, no? What am I missing?","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"52b3b7e2405a55574d0f40982540817e0a6ada8a","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"fixes:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":5,"context_line":"    when reconfiguring services."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"25275008_2f259049","line":4,"in_reply_to":"d39a7b8e_52568f65","updated":"2024-01-26 16:01:39.000000000","message":"Nevermind, let\u0027s just stick to this.","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"6ad7fc19dcd668824784822aaa60d8a0699b0b0a","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."},{"line_number":10,"context_line":"upgrade:"},{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"6f45db2d_7ff498e9","line":9,"updated":"2023-12-22 11:55:53.000000000","message":"This should have a link to the bug report.\n\nI\u0027d also suggest to mention the global var first and the magnum special case second (unless we can drop it).","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"354b96f56c2d2826c2cb573fd7a34ebe36fa22ca","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."},{"line_number":10,"context_line":"upgrade:"},{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"c4ff40d5_64bebdbd","line":9,"in_reply_to":"3d036cde_6daca655","updated":"2024-01-03 11:57:57.000000000","message":"Done","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4ae5e2c80e499b477acd8bd1b70610163dfb3d61","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":8,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":9,"context_line":"    ``service_ks_update_password`` for other users."},{"line_number":10,"context_line":"upgrade:"},{"line_number":11,"context_line":"  - |"},{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"3d036cde_6daca655","line":9,"in_reply_to":"6f45db2d_7ff498e9","updated":"2023-12-22 12:45:50.000000000","message":"I agree, don\u0027t know how I missed that.","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4ae5e2c80e499b477acd8bd1b70610163dfb3d61","unresolved":true,"context_lines":[{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":13,"context_line":"    when reconfiguring services."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"13790477_563f9f8b","line":15,"range":{"start_line":15,"start_character":19,"end_line":15,"end_character":31},"updated":"2023-12-22 12:45:50.000000000","message":"nit: can be reverted","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"354b96f56c2d2826c2cb573fd7a34ebe36fa22ca","unresolved":false,"context_lines":[{"line_number":12,"context_line":"    Changes to service user passwords in ``passwords.yml`` will now be applied"},{"line_number":13,"context_line":"    when reconfiguring services."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"dc1af258_74b98a2b","line":15,"range":{"start_line":15,"start_character":19,"end_line":15,"end_character":31},"in_reply_to":"13790477_563f9f8b","updated":"2024-01-03 11:57:57.000000000","message":"Refactored, no longer relevant","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"6ad7fc19dcd668824784822aaa60d8a0699b0b0a","unresolved":true,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"993f5f38_aff2b592","line":17,"updated":"2023-12-22 11:55:53.000000000","message":"I\u0027m not sure whether repeating the same text in two sections is helpful. But I agree that having some kind of note in either section would be good. Sorry for writing this comment without having a good idea with how to resolve it, maybe someone else has better advice?","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4ae5e2c80e499b477acd8bd1b70610163dfb3d61","unresolved":true,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ad068ff0_8e4a58af","line":17,"in_reply_to":"993f5f38_aff2b592","updated":"2023-12-22 12:45:50.000000000","message":"Let me try:\n\"If credentials are updated in ``passwords.yml`` kolla-ansible is now able to update\nthese credentials in the keystone database and in the on disk config files.\n\nThe changes to ``passwords.yml`` are applied once ``kolla-ansible -i INVENTORY reconfigure`` has been run.\n\nIf you want to revert to the old behavior - credentials not automatically updating during reconfigure if they changed in ``passwords.yml`` - you can specify this by setting ``service_ks_update_password`` to ``on_create`` instead of ``always`` in your ``globals.yml``.\n\nThe same applies to the Magnum Trustee User, which has it\u0027s own setting ``magnum_update_keystone_passoword``. Set it to ``on_create`` to revert to the old behavior, the new default is ``always``.\n\nNotice that passwords are just changed if you change them in ``passwords.yml``. This\nmechanism is no complete solution for automatic credential rollover. No passwords are changed if you don\u0027t change them inside ``passwords.yml``.\n\"","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"},{"author":{"_account_id":35264,"name":"Alex Welsh","email":"alex@stackhpc.com","username":"alex-welsh"},"change_message_id":"354b96f56c2d2826c2cb573fd7a34ebe36fa22ca","unresolved":false,"context_lines":[{"line_number":14,"context_line":""},{"line_number":15,"context_line":"    This behaviour can reverted by setting ``magnum_update_keystone_password``"},{"line_number":16,"context_line":"    to ``on_create`` for the Magnum Trustee User or the same for"},{"line_number":17,"context_line":"    ``service_ks_update_password`` for other users."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"30c88c8b_59bbb614","line":17,"in_reply_to":"ad068ff0_8e4a58af","updated":"2024-01-03 11:57:57.000000000","message":"Done","commit_id":"5e44ff672ba3933e894c7d8ccf7852ba2d7e66d2"}]}