How to change the admin password in Red Hat OpenStack Platform
Environment
Red Hat OpenStack Platform 7.0
Red Hat OpenStack Platform 8.0
Red Hat OpenStack Platform 9.0
Red Hat OpenStack Platform 10.0
Red Hat OpenStack Platform 13.0
Red Hat OpenStack Platform 16.1
Red Hat OpenStack Platform 16.2
Red Hat OpenStack Platform 17.0
Red Hat OpenStack Platform 17.1
Issue
How can one change the administrator's password in Red Hat OpenStack Platform
How to change OS_PASSWORD in overcloudrc for the admin user
How to change OpenStack admin password
Resolution
- For RHOSP 16.2 please use official documentation
- For RHOSP 17.1 please use official documentation
With Director
Set the following in an environment file, e.g. network-environments.yaml:
parameter_defaults:
(...)
AdminPassword: '<the admin password>'
(...)
From /usr/share/openstack-tripleo-heat-templates/overcloud.yaml
# Common parameters (not specific to a role)
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
Post installation
For OSP9 and earlier Update the admin user's password - the following example sets it to test
source overcloudrc
keystone password-update
New Password:
Repeat New Password:
You should update the password you are using to authenticate to match your new password
For OSP10 to OSP13 use the openstack unified cli since keystone client is deprecated
[stack@undercloud-1 ~]$ openstack user set -h
usage: openstack user set [-h] [--name <name>] [--project <project>]
[--password <user-password>] [--password-prompt]
[--email <email-address>] [--enable | --disable]
<user>
[stack@undercloud-1 ~]$ openstack user set --password zpH4xMAvVFFTMwzu4cnqmERAg admin
Change the OS_PASSWORD in overcloudrc, e.g. with vim overcloudrc
export OS_NO_CACHE=True
export OS_CLOUDNAME=overcloud
export OS_AUTH_URL=http://10.0.0.4:5000/v2.0
export NOVA_VERSION=1.1
export COMPUTE_API_VERSION=1.1
export OS_USERNAME=admin
export no_proxy=,10.0.0.4,192.0.2.15
export OS_PASSWORD=test
export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
export OS_TENANT_NAME=admin
Note that it is mandatory so source overcloudrc once more
source overcloudrc
Diagnostic Steps
For OSP10 check the admin password with mistral
[stack@osp10-dir ~]$ mistral environment-get overcloud
+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | overcloud |
| Description | <none> |
| Variables | { |
| | "parameter_defaults": { |
...
... |
| | "ProviderNetwork2VlanID": 211, |
| | "AdminPassword": "thisisatest", |
| | "StorageNetCidr": "10.49.134.0/24", |
| | "NeutronFlatNetworks": "*", |
| | "InternalApiNetworkVlanID": 210, |
| | "OvercloudComputeFlavor": "compute", |
| | "CinderEnableIscsiBackend": false, |
| | "CinderEnableNfsBackend": true, |
| | "ExternalNetCidr": "10.146.100.0/24", |
| | "EC2MetadataIp": "10.146.96.XX", |
| | "UpdateIdentifier": "" |
| | }, |
| | "passwords": { |
| | "HAProxyStatsPassword": "y7PeD9EPz2vRaAz6jqzGAXXXX", |
| | "ManilaPassword": "JXHbxgvGcQwFqbedTmg2ApXXXX, |
| | "NeutronPassword": "DbgvDDNCfBspE3WnayXr3XXXX", |
| | "GlancePassword": "tHhumagpEJ2yFKJqEjEYJXXXX", | |
| | "HeatPassword": "ubq2fhwyJhuWyQZccPCjMXXXX", |
| | "AdminPassword": "YThEufTy8ePyv73KXjWV2XXXX",
...
- Notice mistral shows AdmnPassword as a random string in the passwords section, however if you set AdminPassword in the environment file this will override the random password. So your custom password will work in the environment upon deploy.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments