Issue #7499
closedpulp_installer is unpredictable about when it resets the admin password
Description
As mentioned in #7493 and https://github.com/pulp/pulp_installer/pull/427 , it is unpredictable about when it is run. From a user's perspective.
#7493 is about to make it run more often.
The current thinking is to not run change the password after initial install ever.
However, we still need pulp_default_admin_password to be defined in pulp_devel and pulp_health_check . The beginning of pulp_database_config also makes sure it is defined, we may remove that.
Related issues
Updated by mdepaulo@redhat.com over 4 years ago
- Related to Issue #7493: Installer: remove auth migration task added
Updated by mdepaulo@redhat.com over 4 years ago
My proposed solution is this:
- For initial install, always set it.
- For upgrades or re-running the installer for any other reason, let it be determined by a variable like "pulp_always_reset_admin_pw"
- Ignore whether or not migrations were run.
Updated by mdellweg over 4 years ago
Since the health check tests seem to need the password, it looks like we assume that the installer needs to know the current pulp admin password anyway.
So we could go a step further and say, that the password is managed by the installer. We can than add a test whether the password still works and (re-)set it. I'd say the variable should be named pulp_admin_password
in that case.
On the other hand, i don't think the status endpoint (used in the health check) needs the password. So we could use the set-only-if-touched-file-is-absent approach. We would instruct the user to delete that file in order to reset the password via the installer.
Updated by pulpbot over 4 years ago
- Status changed from NEW to POST
Added by mdellweg over 4 years ago
Added by mdellweg over 4 years ago
Revision b8c456ca | View on GitHub
Add a check to only set password on first install
Also make the health check independend from knowing the password.
Updated by mdellweg over 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset ansible-pulp|b8c456cada26f93bb2e50c0d71d97ccee2e7271d.
Updated by ttereshc about 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Add a check to only set password on first install
Also make the health check independend from knowing the password.
fixes #7499 https://pulp.plan.io/issues/7499