The process to update the Keystone admin user password includes steps that stop and start the nova services.

Note: The update triggers the OpenStack Lifecycle Manager pipeline and updates each Helm chart. The update might interrupt OpenStack services for a short time.

Because nova services use the Keystone admin password to check the service status, we need to stop these services before changing the Keystone admin password.

Prerequisites

Verify that you have a base64 encoded password.
Important: You can encrypt the base64 password with the following command. If you do not include -n, then the new encrypted password contains a new line, which will result in errors. 
echo -n 'input' | openssl base64

Procedure

  1. Stop nova services.
    1. Log in to the Integrated OpenStack Manager as the root user. 
      ssh root@mgmt-server-ip
    2. Stop nova services. 
      viocli stop service nova
    3. Stop nova-compute services. 
      viocli stop service nova-compute
      Note: nova services will be down from this point.
  2. Change the password for the Keystone admin user.
    1. Log in to the VMware Integrated OpenStack dashboard.
    2. Select Identity > Users.
    3. In the Actions column, select Change Password.
    You can also use the OpenStack CLI to change the password with the following command. 
    openstack user set --password <password> admin
    To change the password with a prompt, instead of typing the password, use the following command. 
    openstack user set --password-prompt admin
  3. In the OpenStack namespace, change the Keystone admin password.
    1. Log in to the Integrated OpenStack Manager as the root user. 
      ssh root@mgmt-server-ip
    2. Edit secret managedpasswords. 
      osctl edit secret managedpasswords
    3. Update the value for the data.admin_password. 
      apiVersion: v1
data:
  admin_password: <new_password>
      The value of the new_password must be base64 encoded.
    4. Edit secret nova-keystone-admin. 
      osctl edit secret nova-keystone-admin
    5. Update the value for the data.OS_PASSWORD. 
      apiVersion: v1
data:
  OS_PASSWORD: <new_password>
      The value of the new_password must be base54 encoded.
  4. Start nova services.
    1. Log in to the Integrated OpenStack Manager as the root user. 
      ssh root@mgmt-server-ip
    2. Start nova services. 
      viocli start service nova
    3. Start nova-compute services. 
      viocli start service nova-compute
  5. Check the deployment status. 
    viocli get deployment
    The deployment status first appears as reconfiguring. When it reaches running, the password update is complete.