| noonedeadpunk | hey folks. I believe we see a regression in keystone during upgrade to 2023.1 in CI, when passwords are longer then 54 symbols using bcrypt. I assume that is related to https://review.opendev.org/c/openstack/keystone/+/828595 | 06:46 |
|---|---|---|
| noonedeadpunk | So basically, after upgrade working previously passwords stop working | 06:46 |
| noonedeadpunk | and we get 401 on operations that were working like 30mins ago in the same pipeline jsut before the upgrade | 06:50 |
| noonedeadpunk | While I do get that such verification is fair, since it's bcrypt limitation, though I am not getting why it cause regressions during upgrade from Zed | 06:51 |
| noonedeadpunk | ANd not sure how I can deal with that from operator perspective, as I really have no idea what our users could set as a password | 06:51 |
| noonedeadpunk | d34dh0r53 knikolla will ping you as you might have some good ideas :) | 06:52 |
| noonedeadpunk | good example of that is here: https://zuul.opendev.org/t/openstack/build/693d274e0b5341f38e84107a8741eb86/log/job-output.txt#24388 where on nova verification it fails with "Placement service credentials do not work" | 06:54 |
| noonedeadpunk | While on line 16130 it was passing _before_ upgrade has happened | 06:54 |
| noonedeadpunk | so password got invalidated after upgrade, which kinda sucks | 06:55 |
| noonedeadpunk | We got a bug report https://bugs.launchpad.net/openstack-ansible/+bug/2028809 and I'm inclined it to mark as this affects keystone | 06:57 |
| noonedeadpunk | As while it's kinda our fault, that we generate passwords longer then 54 symbols, that catched this nasty thing that does affect users | 06:57 |
| *** tobias-urdin-pto is now known as tobias-urdin | 07:34 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!