keystone integration with LDAP broken in containerized deployment, manually keystone restart needed
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Fix Released | High | Juan Antonio Osorio Robles |
Bug Description
After a successful fresh OpenStack Pike deploy, the keystone v3 domain for the Active Directory environment was created; however, I could not get any users to return. Once I restarted the keystone processes within the keystone docker container, it started working:
[root@controller1 heat-admin]# docker exec -it keystone pkill -HUP -f keystone
Version-Release number of selected component (if applicable):
How reproducible:
(overcloud) [stack@openstack ~]$ openstack domain list
+------
| ID | Name | Enabled | Description |
+------
| 58acbdc9da0b4ad
| c31ba5db93e649f
| default | Default | True | The default domain |
+------
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
[root@controller1 heat-admin]# docker exec -it keystone pkill -HUP -f keystone
(overcloud) [stack@openstack ~]$ openstack user list --domain lab
+------
| ID | Name |
+------
| 7ebf8923d6a1532
| 49c22aa30671986
| aae9ca159631e25
| 809b820c83b179d
| 7662775af3175ed
| 11d4448b62a3f6b
| 47540c6e6c444eb
| ee7b53d02827adb
+------
(overcloud) [stack@
Steps to Reproduce:
1. on directory, run `sed -i 's/puppet_tags\: keystone_
2. deploy fresh OpenStack Pike using keystone_
3. run `source ~/overcloudrc.v3; openstack user list --domain DOMAIN_NAME`. This will result in no users being returned.
Additional info:
This is how I fixed it after deployment:
1. ssh to all controllers and run `sudo docker exec -it keystone pkill -HUP -f keystone`
2. run `source ~/overcloudrc.v3; openstack user list --domain DOMAIN_NAME`. This will result in LDAP users being returned (given your LDAP configs are correct).
Changed in tripleo:
status: New → Triaged
importance: Undecided → High
milestone: none → queens-rc1
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Fix proposed to branch: master
Review: https://review.openstack.org/557736