yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1698455] [NEW] Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1698455@xxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Sep 2017 22:29:02 -0000
Reply-to: Bug 1698455 <1698455@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
You have been subscribed to a public bug:

- [X] This doc is inaccurate in this way:

Failure in step "3. Populate the Identity service database:" of https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html
su -s /bin/sh -c "keystone-manage db_sync" keystone

A similar problem has been reported at https://ask.openstack.org/en/question/52838/error-when-creating-administrative-tenant-cento7-juno/
How to reproduce:

[root@controller ~]# whoami
root
[root@controller ~]# hostname
controller
[root@controller ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@controller ~]# rpm -q centos-release-openstack-ocata
centos-release-openstack-ocata-1-1.el7.noarch
[root@controller ~]# rpm -q mariadb-server
mariadb-server-10.1.20-1.el7.x86_64
[root@controller ~]# echo 'SHOW GRANTS FOR keystone' | mysql -uroot -pDBpass
Grants for keystone@%
GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*61D672B503D8DD7C9992AA31B0AC5B7DC43887AB'
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%'
[root@controller ~]# echo 'SELECT HOST, USER from user\G' | mysql -uroot -pDBpass mysql
*************************** 1. row ***************************
HOST: %
USER: keystone
*************************** 2. row ***************************
HOST: 127.0.0.1
USER: root
*************************** 3. row ***************************
HOST: ::1
USER: root
*************************** 4. row ***************************
HOST: localhost
USER: keystone
*************************** 5. row ***************************
HOST: localhost
USER: root
[root@controller ~]# echo > /var/log/keystone/keystone.log
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
1
[root@controller ~]# tail /var/log/keystone/keystone.log
2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 1124, in _request_authentication
2017-06-16 20:04:40.519 17512 ERROR keystone     auth_packet = self._read_packet()
2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 991, in _read_packet
2017-06-16 20:04:40.519 17512 ERROR keystone     packet.check_error()
2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 393, in check_error
2017-06-16 20:04:40.519 17512 ERROR keystone     err.raise_mysql_exception(self._data)
2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/err.py", line 107, in raise_mysql_exception
2017-06-16 20:04:40.519 17512 ERROR keystone     raise errorclass(errno, errval)
2017-06-16 20:04:40.519 17512 ERROR keystone OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'controller' (using \
password: YES)")
2017-06-16 20:04:40.519 17512 ERROR keystone


- [X] I have a fix to the document that I can paste below including example: input and output. 

A possible solution is to add a grant for 'keystone'@'controller' in the
"Grant proper access to the keystone database" section:

[root@controller ~]# echo "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'KEYSTONE_DBPASS';" | mysql -uroot -pDBpass
[root@controller ~]# echo > /var/log/keystone/keystone.log
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
0


-----------------------------------
Release: 15.0.0 on 2017-06-12 16:28
SHA: 839afb2adab31b0a283c212fc73bc82d4775e7f4
Source: https://git.openstack.org/cgit/openstack/openstack-manuals/tree/doc/install-guide/source/keystone-install.rst
URL: https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html

** Affects: keystone
     Importance: Medium
         Status: Confirmed


** Tags: install-guide
-- 
Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7
https://bugs.launchpad.net/bugs/1698455
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).