yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #67486
[Bug 1698455] [NEW] Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7
You have been subscribed to a public bug:
- [X] This doc is inaccurate in this way:
Failure in step "3. Populate the Identity service database:" of https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html
su -s /bin/sh -c "keystone-manage db_sync" keystone
A similar problem has been reported at https://ask.openstack.org/en/question/52838/error-when-creating-administrative-tenant-cento7-juno/
How to reproduce:
[root@controller ~]# whoami
root
[root@controller ~]# hostname
controller
[root@controller ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@controller ~]# rpm -q centos-release-openstack-ocata
centos-release-openstack-ocata-1-1.el7.noarch
[root@controller ~]# rpm -q mariadb-server
mariadb-server-10.1.20-1.el7.x86_64
[root@controller ~]# echo 'SHOW GRANTS FOR keystone' | mysql -uroot -pDBpass
Grants for keystone@%
GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*61D672B503D8DD7C9992AA31B0AC5B7DC43887AB'
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%'
[root@controller ~]# echo 'SELECT HOST, USER from user\G' | mysql -uroot -pDBpass mysql
*************************** 1. row ***************************
HOST: %
USER: keystone
*************************** 2. row ***************************
HOST: 127.0.0.1
USER: root
*************************** 3. row ***************************
HOST: ::1
USER: root
*************************** 4. row ***************************
HOST: localhost
USER: keystone
*************************** 5. row ***************************
HOST: localhost
USER: root
[root@controller ~]# echo > /var/log/keystone/keystone.log
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
1
[root@controller ~]# tail /var/log/keystone/keystone.log
2017-06-16 20:04:40.519 17512 ERROR keystone File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 1124, in _request_authentication
2017-06-16 20:04:40.519 17512 ERROR keystone auth_packet = self._read_packet()
2017-06-16 20:04:40.519 17512 ERROR keystone File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 991, in _read_packet
2017-06-16 20:04:40.519 17512 ERROR keystone packet.check_error()
2017-06-16 20:04:40.519 17512 ERROR keystone File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 393, in check_error
2017-06-16 20:04:40.519 17512 ERROR keystone err.raise_mysql_exception(self._data)
2017-06-16 20:04:40.519 17512 ERROR keystone File "/usr/lib/python2.7/site-packages/pymysql/err.py", line 107, in raise_mysql_exception
2017-06-16 20:04:40.519 17512 ERROR keystone raise errorclass(errno, errval)
2017-06-16 20:04:40.519 17512 ERROR keystone OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'controller' (using \
password: YES)")
2017-06-16 20:04:40.519 17512 ERROR keystone
- [X] I have a fix to the document that I can paste below including example: input and output.
A possible solution is to add a grant for 'keystone'@'controller' in the
"Grant proper access to the keystone database" section:
[root@controller ~]# echo "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'KEYSTONE_DBPASS';" | mysql -uroot -pDBpass
[root@controller ~]# echo > /var/log/keystone/keystone.log
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
0
-----------------------------------
Release: 15.0.0 on 2017-06-12 16:28
SHA: 839afb2adab31b0a283c212fc73bc82d4775e7f4
Source: https://git.openstack.org/cgit/openstack/openstack-manuals/tree/doc/install-guide/source/keystone-install.rst
URL: https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html
** Affects: keystone
Importance: Medium
Status: Confirmed
** Tags: install-guide
--
Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7
https://bugs.launchpad.net/bugs/1698455
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).