OpenStack-Ansible

Multiple domains in keystone breaks in 12.0.6

Bug #1547542 reported by Major Hayden on 2016-02-19

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack-Ansible	Fix Released	High	Major Hayden	OpenStack-Ansible mitaka-3
Liberty	Fix Released	High	Major Hayden	OpenStack-Ansible 12.0.8
Trunk	Fix Released	High	Major Hayden	OpenStack-Ansible mitaka-3

Bug Description

The changes in https://review.openstack.org/#/c/258015/ are helpful for enabling multi-domain support in Keystone in 12.0.6, but they leave the old /etc/keystone/domains/keystone.Default.conf behind in the Keystone containers. A problem happens when you have the following:

* Start with 12.0.5 or earlier
* Upgrade to 12.0.6
* Add an additional LDAP domain in Keystone

Keystone throws this error:

ERROR (InternalServerError): The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): ['/etc/keystone/domains/keystone.Default.conf']. (HTTP 500) (Request-ID: req-a09133eb-bf6c-4f88-9e15-43bc1e8794ad)

That's because the old /etc/keystone/domains/keystone.Default.conf is still present in the Keystone containers. Remove the file, restart Keystone, and the errors go away.

Major Hayden (rackerhacker) on 2016-02-19

Changed in openstack-ansible:
assignee:	nobody → Major Hayden (rackerhacker)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-19: Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/282368

Changed in openstack-ansible:
status:	New → In Progress

Revision history for this message

Major Hayden (rackerhacker) wrote on 2016-02-19:

This affects Mitaka, too.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-02: Fix proposed to openstack-ansible-os_keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/287440

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-02: Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/287444

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-02: Change abandoned on openstack-ansible (master)

Change abandoned by Major Hayden (<email address hidden>) on branch: master
Review: https://review.openstack.org/282368
Reason: Replaced by: https://review.openstack.org/#/c/287440/ and https://review.openstack.org/#/c/287444/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-03: Fix merged to openstack-ansible-os_keystone (master)

Reviewed: https://review.openstack.org/287440
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=299690795b500d5299940e214b1777bd85dfdc01
Submitter: Jenkins
Branch: master

commit 299690795b500d5299940e214b1777bd85dfdc01
Author: Major Hayden <email address hidden>
Date: Wed Mar 2 15:30:04 2016 -0600

Remove dangling Default domain cfg file

    The multi-domain LDAP support added in
    Ifa4c42f7dbcc40a256a3156f74f0150384f9ab87 left behind a
    keystone.Default.conf file that causes Keystone errors when adding a
    new domain backed by LDAP. This patch removes the file unless the
    deployer has specifically created a domain called 'Default'.

This is an IRR rework of change I50ca6c1133c663aa374e45a04f7d0d53171d6941.

Closes-bug: 1547542

Change-Id: I309ac13812c64c6e3df5cac6adff5fc68900af60

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-03: Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/287444
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=ee58049ce02336c820c11b33d45399c93db84e3c
Submitter: Jenkins
Branch: master

commit ee58049ce02336c820c11b33d45399c93db84e3c
Author: Major Hayden <email address hidden>
Date: Wed Mar 2 15:16:57 2016 -0600

Release notes for dangling domain fix

This patch contains release notes for the fix proposed in
change I309ac13812c64c6e3df5cac6adff5fc68900af60.

    Closes-bug: 1547542
    Depends-On: I309ac13812c64c6e3df5cac6adff5fc68900af60
    Change-Id: Id53fd741ed627b09527a7b742d59b61862f67381

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-04: Fix proposed to openstack-ansible (liberty)

Fix proposed to branch: liberty
Review: https://review.openstack.org/288458

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-04: Fix merged to openstack-ansible (liberty)

Reviewed: https://review.openstack.org/288458
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=aafb287c649d5e2a90ddd03c7a88a13f20bd080f
Submitter: Jenkins
Branch: liberty

commit aafb287c649d5e2a90ddd03c7a88a13f20bd080f
Author: Major Hayden <email address hidden>
Date: Fri Mar 4 07:49:23 2016 -0600

Remove dangling Default domain cfg file

    The multi-domain LDAP support added in 12.0.6 left behind a
    keystone.Default.conf file that causes Keystone errors when adding a
    new domain backed by LDAP. This patch removes the file unless the
    deployer has specifically created a domain called 'Default'.

    This is a combined backport of:
     - https://review.openstack.org/287440 (patch)
     - https://review.openstack.org/287444 (release notes)

Closes-bug: 1547542

Change-Id: I28cbd9afece968002db10e899c5172f1fd3dcc1a

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-04-18: Fix included in openstack/openstack-ansible 13.0.0

#10

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-05-03: Fix included in openstack/openstack-ansible 12.0.11

#11

This issue was fixed in the openstack/openstack-ansible 12.0.11 release.

Revision history for this message