yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1403136] Re: Create tenants, users, and roles in OpenStack Installation Guide for Ubuntu 14.04 - juno

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1403136@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Dec 2014 01:09:48 -0000
Reply-to: Bug 1403136 <1403136@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/143215
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=14e6c86d5a457dbbb90690d55655a4532919255a
Submitter: Jenkins
Branch:    master

commit 14e6c86d5a457dbbb90690d55655a4532919255a
Author: Matthew Kassawara <mkassawara@xxxxxxxxx>
Date:   Fri Dec 19 16:30:53 2014 -0600

    Fix conflicts with _member_ role creation
    
    Historically, the installation guide manually created the
    internal _member_ role to resolve issues with horizon.
    However, keystone will preferably create the _member_ role
    automatically if the 'user-create' command includes the
    '--tenant' option.
    
    Change-Id: I1a67db2b6aa6a8e2bfd76cc80db1fb09fa353986
    Closes-Bug: #1403136
    backport: juno


** Changed in: openstack-manuals
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1403136

Title:
  Create tenants, users, and roles in OpenStack Installation Guide for
  Ubuntu 14.04  - juno

Status in OpenStack Identity (Keystone):
  In Progress
Status in OpenStack Manuals:
  Fix Released

Bug description:
  "e. By default, the dashboard limits access to users with the _member_
  role. Create the _member_ role:"

  The first sentence is true, but keystone will automatically create the
  _member_ role if it does not exist.

  I discovered this while tracking down an error:  "keystone user-
  create" resulted in a "duplicate entry" error. The sequence is like
  this:

  1) As described in the doc, I run "keystone role-create --name _member_". The role is created and assigned a random ID.
  2) On "user-create", keystone wants to assign the _member_ role to the new user. It looks up member_role_id in keystone.conf, finds none (the member_role_id does not match the ID from step 1)
  3) keystone now tries to create the _member_ role, but this fails since the name already exists.

  So by not creating the "_member_" role myself, the problem is averted.
  That's why I'm opening a bug against docs.... another fix would be for
  keystone to do the lookup by name instead, but I assume the keystone
  team has a good reason for not doing so.

  I'm using the v2 API with SQL backend.

  -----------------------------------
  Built: 2014-12-09T01:28:32 00:00
  git SHA: 6d3c276487be990722bc423642ffb05217d77289
  URL: http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html
  source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/install-guide/section_keystone-users.xml
  xml:id: keystone-users

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1403136/+subscriptions