yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1698455] Re: Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1698455@xxxxxxxxxxxxxxxxxx>
Date: Sat, 22 Dec 2018 04:17:44 -0000
Reply-to: Bug 1698455 <1698455@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1698455

Title:
  Install and configure in Installation Guide: Populate the Identity
  service database step fails on CentOS7

Status in OpenStack Identity (keystone):
  Expired

Bug description:
  - [X] This doc is inaccurate in this way:

  Failure in step "3. Populate the Identity service database:" of https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html
  su -s /bin/sh -c "keystone-manage db_sync" keystone

  A similar problem has been reported at https://ask.openstack.org/en/question/52838/error-when-creating-administrative-tenant-cento7-juno/
  How to reproduce:

  [root@controller ~]# whoami
  root
  [root@controller ~]# hostname
  controller
  [root@controller ~]# cat /etc/redhat-release
  CentOS Linux release 7.3.1611 (Core)
  [root@controller ~]# rpm -q centos-release-openstack-ocata
  centos-release-openstack-ocata-1-1.el7.noarch
  [root@controller ~]# rpm -q mariadb-server
  mariadb-server-10.1.20-1.el7.x86_64
  [root@controller ~]# echo 'SHOW GRANTS FOR keystone' | mysql -uroot -pDBpass
  Grants for keystone@%
  GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*61D672B503D8DD7C9992AA31B0AC5B7DC43887AB'
  GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%'
  [root@controller ~]# echo 'SELECT HOST, USER from user\G' | mysql -uroot -pDBpass mysql
  *************************** 1. row ***************************
  HOST: %
  USER: keystone
  *************************** 2. row ***************************
  HOST: 127.0.0.1
  USER: root
  *************************** 3. row ***************************
  HOST: ::1
  USER: root
  *************************** 4. row ***************************
  HOST: localhost
  USER: keystone
  *************************** 5. row ***************************
  HOST: localhost
  USER: root
  [root@controller ~]# echo > /var/log/keystone/keystone.log
  [root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
  1
  [root@controller ~]# tail /var/log/keystone/keystone.log
  2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 1124, in _request_authentication
  2017-06-16 20:04:40.519 17512 ERROR keystone     auth_packet = self._read_packet()
  2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 991, in _read_packet
  2017-06-16 20:04:40.519 17512 ERROR keystone     packet.check_error()
  2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 393, in check_error
  2017-06-16 20:04:40.519 17512 ERROR keystone     err.raise_mysql_exception(self._data)
  2017-06-16 20:04:40.519 17512 ERROR keystone   File "/usr/lib/python2.7/site-packages/pymysql/err.py", line 107, in raise_mysql_exception
  2017-06-16 20:04:40.519 17512 ERROR keystone     raise errorclass(errno, errval)
  2017-06-16 20:04:40.519 17512 ERROR keystone OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'controller' (using \
  password: YES)")
  2017-06-16 20:04:40.519 17512 ERROR keystone

  
  - [X] I have a fix to the document that I can paste below including example: input and output. 

  A possible solution is to add a grant for 'keystone'@'controller' in
  the "Grant proper access to the keystone database" section:

  [root@controller ~]# echo "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'KEYSTONE_DBPASS';" | mysql -uroot -pDBpass
  [root@controller ~]# echo > /var/log/keystone/keystone.log
  [root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone; echo $?
  0

  
  -----------------------------------
  Release: 15.0.0 on 2017-06-12 16:28
  SHA: 839afb2adab31b0a283c212fc73bc82d4775e7f4
  Source: https://git.openstack.org/cgit/openstack/openstack-manuals/tree/doc/install-guide/source/keystone-install.rst
  URL: https://docs.openstack.org/ocata/install-guide-rdo/keystone-install.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1698455/+subscriptions