--- /dev/null
+From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001
+From: Kam Nasim <kam.nasim@windriver.com>
+Date: Mon, 2 Apr 2018 16:13:31 -0400
+Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $
+
+Escape special characters when executing the keystone-manage bootstrap
+command since the keystone CLI argparse will parse "Madawa$ka1" as
+"Madawa" which will cause the Keystone ADMIN acct to be created with an
+incorrect password. Puppet will detect this and attempt to course
+correct by sending an UPDATE User request to Keystone, which does set
+the right password but causes other failures in config_controller
+---
+ manifests/init.pp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/manifests/init.pp b/manifests/init.pp
+index d64638c..89af303 100644
+--- a/manifests/init.pp
++++ b/manifests/init.pp
+@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server")
+ }
+
+ if $enable_bootstrap {
++ #(NOTE: knasim-wrs): escape special characters in the password otherwise the
++ # keyword-manage bootstrap CLI may parse the password incorrectly, causing
++ # the admin account to be created with an incorrect password
++ $admin_password_escaped = shell_escape($admin_password_real)
++
+ # this requires the database to be up and running and configured
+ # and is only run once, so we don't need to notify the service
+ exec { 'keystone-manage bootstrap':
+- command => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}",
++ command => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}",
+ user => $keystone_user,
+ path => '/usr/bin',
+ refreshonly => true,
+--
+1.8.3.1
+