Juju Charms Collection
heat package

domain-setup action fails when using keystone v3 api

Bug #1593164 reported by Liam Young
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat Charm
Fix Released
High
Edward Hope-Morley
OpenStack Heat Charm 17.02
heat (Juju Charms Collection)
Invalid
High
Edward Hope-Morley
Juju Charms Collection 17.01

Bug Description

The domain-setup action uses the credentials of the heat-cfn_heat user. However, this user lacks the Admin role so is unable to query or manage domains. This means that the domain-setup action fails. I think the keystone charm could be updated to grant domain admin to the service users or the heat charm could grow a identity-admin relation. If the latter is implemented then Bug #1593160 will need fixing first.

Workaround is ti create the domain manually:
openstack role add --domain admin_domain --user heat-cfn_heat Admin

Edward Hope-Morley (hopem)
tags: added: ks-v3 openstack
Revision history for this message
Edward Hope-Morley (hopem) wrote :

We now have a service_domain for this very purpose so this can fixed with:

diff --git a/templates/admin-openrc-v3 b/templates/admin-openrc-v3
index e5ee6aa..f6fb90d 100644
--- a/templates/admin-openrc-v3
+++ b/templates/admin-openrc-v3
@@ -4,7 +4,7 @@ export OS_PASSWORD={{ admin_password }}
 export OS_AUTH_URL={{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
 export OS_USERNAME={{ admin_user }}
 export OS_TENANT_NAME={{ admin_tenant_name }}
-export OS_PROJECT_DOMAIN_ID=default
-export OS_USER_DOMAIN_ID=default
+export OS_PROJECT_DOMAIN_NAME=service_domain
+export OS_USER_DOMAIN_NAME=service_domain
 export OS_PROJECT_NAME={{ admin_tenant_name }}
 export OS_IDENTITY_API_VERSION=3

Changed in heat (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
milestone: none → 17.01
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/434807

Changed in heat (Juju Charms Collection):
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-heat (master)

Reviewed: https://review.openstack.org/434807
Committed: https://git.openstack.org/cgit/openstack/charm-heat/commit/?id=040a42d51ad6c38ad1cfee9394ba5f062d87d449
Submitter: Jenkins
Branch: master

commit 040a42d51ad6c38ad1cfee9394ba5f062d87d449
Author: Edward Hope-Morley <email address hidden>
Date: Thu Feb 16 10:53:18 2017 +0000

    Use service-domain for domain setup action

    Change-Id: Ieced5c7552a45874ad920c0e0e1ab1cd44c73d00
    Closes-Bug: 1593164

Changed in heat (Juju Charms Collection):
status: In Progress → Fix Committed
James Page (james-page)
Changed in charm-heat:
assignee: nobody → Edward Hope-Morley (hopem)
importance: Undecided → High
status: New → Fix Committed
Changed in heat (Juju Charms Collection):
status: Fix Committed → Invalid
James Page (james-page)
Changed in charm-heat:
milestone: none → 17.02
James Page (james-page)
Changed in charm-heat:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.