Role conflict when importing nova auth
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Undecided
|
Mark McLoughlin | ||
Essex |
Fix Released
|
Undecided
|
Unassigned | ||
keystone (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
To migrate from Nova's deprecated auth to keystone, I did:
$> sudo ADMIN_PASSWORD=
$> sudo nova-manage export auth > auth-export.json
$> sudo keystone-manage import_nova_auth auth-export.json
File "/usr/lib/
raise exception.
keystone.
'") 'INSERT INTO role (id, name) VALUES (%s, %s)' ('b8a2ed868ea24
This sample data script is included in the Fedora packages and based on devstack's similar script. Perhaps it shouldn't be adding the sysadmin role. Perhaps the script is just a bad idea. Whatever.
It seems to me, though, that there's no particular need for import_nova_auth to barf if a role already exists. If the role exists, we can happily use it and there's no worry that the existing role doesn't match the desired role since a role is just a name.
Proposing a patch to make import_nova_auth only create roles if they don't already exist.
Changed in keystone: | |
milestone: | none → folsom-1 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone (Ubuntu): | |
status: | New → In Progress |
Changed in keystone (Ubuntu Precise): | |
status: | New → In Progress |
Changed in keystone: | |
milestone: | folsom-1 → 2012.2 |
Fix proposed to branch: master /review. openstack. org/5993
Review: https:/