yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #01326
[Bug 969088] Re: Role conflict when importing nova auth
Should already be in the cloud archive.
** Changed in: keystone (Ubuntu)
Status: In Progress => Fix Released
** Changed in: keystone (Ubuntu Precise)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/969088
Title:
Role conflict when importing nova auth
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone essex series:
Fix Released
Status in “keystone” package in Ubuntu:
Fix Released
Status in “keystone” source package in Precise:
Fix Released
Bug description:
To migrate from Nova's deprecated auth to keystone, I did:
$> sudo ADMIN_PASSWORD=$OS_PASSWORD SERVICE_PASSWORD=servicepass openstack-keystone-sample-data
$> sudo nova-manage export auth > auth-export.json
$> sudo keystone-manage import_nova_auth auth-export.json
File "/usr/lib/python2.7/site-packages/keystone/identity/backends/sql.py", line 48, in wrapper
raise exception.Conflict(type=type, details=str(e))
keystone.exception.Conflict: Conflict occurred attempting to store role. (IntegrityError) (1062, "Duplicate entry 'sysadmin' for key 'name\
'") 'INSERT INTO role (id, name) VALUES (%s, %s)' ('b8a2ed868ea2440291f612d2bae252e6', 'sysadmin')
This sample data script is included in the Fedora packages and based
on devstack's similar script. Perhaps it shouldn't be adding the
sysadmin role. Perhaps the script is just a bad idea. Whatever.
It seems to me, though, that there's no particular need for
import_nova_auth to barf if a role already exists. If the role exists,
we can happily use it and there's no worry that the existing role
doesn't match the desired role since a role is just a name.
Proposing a patch to make import_nova_auth only create roles if they
don't already exist.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/969088/+subscriptions