← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #01326

[Bug 969088] Re: Role conflict when importing nova auth

  Thread PreviousDate PreviousThread Next 
Should already be in the cloud archive.

** Changed in: keystone (Ubuntu)
       Status: In Progress => Fix Released

** Changed in: keystone (Ubuntu Precise)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/969088

Title:
  Role conflict when importing nova auth

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Released
Status in “keystone” package in Ubuntu:
  Fix Released
Status in “keystone” source package in Precise:
  Fix Released

Bug description:
  To migrate from Nova's deprecated auth to keystone, I did:

   $> sudo ADMIN_PASSWORD=$OS_PASSWORD SERVICE_PASSWORD=servicepass openstack-keystone-sample-data
   $> sudo nova-manage export auth > auth-export.json
   $> sudo keystone-manage import_nova_auth auth-export.json
     File "/usr/lib/python2.7/site-packages/keystone/identity/backends/sql.py", line 48, in wrapper
       raise exception.Conflict(type=type, details=str(e))
   keystone.exception.Conflict: Conflict occurred attempting to store role. (IntegrityError) (1062, "Duplicate entry 'sysadmin' for key 'name\
   '") 'INSERT INTO role (id, name) VALUES (%s, %s)' ('b8a2ed868ea2440291f612d2bae252e6', 'sysadmin')

  This sample data script is included in the Fedora packages and based
  on devstack's similar script. Perhaps it shouldn't be adding the
  sysadmin role. Perhaps the script is just a bad idea. Whatever.

  It seems to me, though, that there's no particular need for
  import_nova_auth to barf if a role already exists. If the role exists,
  we can happily use it and there's no worry that the existing role
  doesn't match the desired role since a role is just a name.

  Proposing a patch to make import_nova_auth only create roles if they
  don't already exist.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/969088/+subscriptions
  Thread PreviousDate PreviousThread Next