domain-setup action fails when using keystone v3 api
Bug #1593164 reported by
Liam Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat Charm |
Fix Released
|
High
|
Edward Hope-Morley | ||
heat (Juju Charms Collection) |
Invalid
|
High
|
Edward Hope-Morley |
Bug Description
The domain-setup action uses the credentials of the heat-cfn_heat user. However, this user lacks the Admin role so is unable to query or manage domains. This means that the domain-setup action fails. I think the keystone charm could be updated to grant domain admin to the service users or the heat charm could grow a identity-admin relation. If the latter is implemented then Bug #1593160 will need fixing first.
Workaround is ti create the domain manually:
openstack role add --domain admin_domain --user heat-cfn_heat Admin
tags: | added: ks-v3 openstack |
Changed in charm-heat: | |
assignee: | nobody → Edward Hope-Morley (hopem) |
importance: | Undecided → High |
status: | New → Fix Committed |
Changed in heat (Juju Charms Collection): | |
status: | Fix Committed → Invalid |
Changed in charm-heat: | |
milestone: | none → 17.02 |
Changed in charm-heat: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
We now have a service_domain for this very purpose so this can fixed with:
diff --git a/templates/ admin-openrc- v3 b/templates/ admin-openrc- v3 admin-openrc- v3 admin-openrc- v3 DOMAIN_ ID=default DOMAIN_ ID=default DOMAIN_ NAME=service_ domain DOMAIN_ NAME=service_ domain API_VERSION= 3
index e5ee6aa..f6fb90d 100644
--- a/templates/
+++ b/templates/
@@ -4,7 +4,7 @@ export OS_PASSWORD={{ admin_password }}
export OS_AUTH_URL={{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
export OS_USERNAME={{ admin_user }}
export OS_TENANT_NAME={{ admin_tenant_name }}
-export OS_PROJECT_
-export OS_USER_
+export OS_PROJECT_
+export OS_USER_
export OS_PROJECT_NAME={{ admin_tenant_name }}
export OS_IDENTITY_