yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1403136] Re: Create tenants, users, and roles in OpenStack Installation Guide for Ubuntu 14.04 - juno

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1403136@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Dec 2014 20:39:07 -0000
Reply-to: Bug 1403136 <1403136@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/143519
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=549be4ba1d84ba749ea79c7a0d1e8953ef9d4cfd
Submitter: Jenkins
Branch:    master

commit 549be4ba1d84ba749ea79c7a0d1e8953ef9d4cfd
Author: Matthew Kassawara <mkassawara@xxxxxxxxx>
Date:   Mon Dec 22 13:33:13 2014 -0600

    Fix additional issue with _member_ role creation
    
    I removed the '--tenant' option from the admin user/tenant
    creation step because the latter needs only the admin role.
    Also, I provided an explanation about automatic assignment
    and/or creation of the _member_ role.
    
    Change-Id: I036ae43b73c8ca469e04e8090e197d57a7a5f5d0
    Closes-Bug: #1403136
    backport: juno


** Changed in: openstack-manuals
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1403136

Title:
  Create tenants, users, and roles in OpenStack Installation Guide for
  Ubuntu 14.04  - juno

Status in OpenStack Identity (Keystone):
  In Progress
Status in OpenStack Manuals:
  Fix Released

Bug description:
  "e. By default, the dashboard limits access to users with the _member_
  role. Create the _member_ role:"

  The first sentence is true, but keystone will automatically create the
  _member_ role if it does not exist.

  I discovered this while tracking down an error:  "keystone user-
  create" resulted in a "duplicate entry" error. The sequence is like
  this:

  1) As described in the doc, I run "keystone role-create --name _member_". The role is created and assigned a random ID.
  2) On "user-create", keystone wants to assign the _member_ role to the new user. It looks up member_role_id in keystone.conf, finds none (the member_role_id does not match the ID from step 1)
  3) keystone now tries to create the _member_ role, but this fails since the name already exists.

  So by not creating the "_member_" role myself, the problem is averted.
  That's why I'm opening a bug against docs.... another fix would be for
  keystone to do the lookup by name instead, but I assume the keystone
  team has a good reason for not doing so.

  I'm using the v2 API with SQL backend.

  -----------------------------------
  Built: 2014-12-09T01:28:32 00:00
  git SHA: 6d3c276487be990722bc423642ffb05217d77289
  URL: http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html
  source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/install-guide/section_keystone-users.xml
  xml:id: keystone-users

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1403136/+subscriptions