devstack

Cannot use v2 authentication with domain scope

Bug #1544353 reported by John Studarus
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
devstack
Expired
Undecided
Unassigned

Bug Description

Pulled the latest devstack, copied over the defaults from sample and ran ./stack.sh

git clone https://git.openstack.org/openstack-dev/devstack
cd devstack/
cp samples/* .
./stack.sh

Ran through and eventually failed complaining about using domain scope in v2 authentication

2016-02-10 20:19:44.853 | + ./stack.sh:main:L1345: [[ -x /home/studarus/devstack/local.sh ]]
2016-02-10 20:19:44.853 | + ./stack.sh:main:L1346: echo 'Running user script /home/studarus/devstack/local.sh'
2016-02-10 20:19:44.854 | Running user script /home/studarus/devstack/local.sh
2016-02-10 20:19:44.855 | + ./stack.sh:main:L1347: /home/studarus/devstack/local.sh
2016-02-10 20:19:50.293 | ERROR (DiscoveryFailure): Cannot use v2 authentication with domain scope
2016-02-10 20:19:58.767 | ERROR (DiscoveryFailure): Cannot use v2 authentication with domain scope
2016-02-10 20:19:59.933 | ERROR (DiscoveryFailure): Cannot use v2 authentication with domain scope
2016-02-10 20:20:00.685 | ERROR (DiscoveryFailure): Cannot use v2 authentication with domain scope
2016-02-10 20:20:00.735 | ++ ./stack.sh:main:L1347: err_trap
2016-02-10 20:20:00.735 | ++ ./stack.sh:err_trap:L504: local r=1
2016-02-10 20:20:00.736 | stack.sh failed: full log in /opt/stack/logs/stack.sh.log.2016-02-10-115107
2016-02-10 20:20:00.742 | Error on exit

If I comment out the DOMAIN lines from stack.sh everything starts up OK.

studarus@devstack:~/devstack$ git diff stack.sh
diff --git a/stack.sh b/stack.sh
index c21ff77..98789bc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1020,10 +1020,10 @@ if is_service_enabled keystone; then
 export OS_IDENTITY_API_VERSION=3
 export OS_AUTH_URL=$KEYSTONE_AUTH_URI
 export OS_USERNAME=admin
-export OS_USER_DOMAIN_ID=default
+#export OS_USER_DOMAIN_ID=default
 export OS_PASSWORD=$ADMIN_PASSWORD
 export OS_PROJECT_NAME=admin
-export OS_PROJECT_DOMAIN_ID=default
+#export OS_PROJECT_DOMAIN_ID=default
 export OS_REGION_NAME=$REGION_NAME

 EOF

This is pretty much right out of the box Ubuntu so I was surprised I had to make a change to get out of the box functionality to work. Seems that this should be applied so that devstack works for everyone right out of the box.

Revision history for this message
Zeyu Ye (shuliyey) wrote :

+1, thank you so much for showing the work around on this

Revision history for this message
John Studarus (g-john-j) wrote :

I just reran this on Trusty 14.04 and the problem is no longer there so I'm closing this out.

Changed in devstack:
status: New → Incomplete
Revision history for this message
Kevin Chang (inburningwetrust) wrote :

i`m running this on 14.04 as well and just received the same error upon trying to run stack.sh

Revision history for this message
John Studarus (g-john-j) wrote :

Don't copy over "local.sh" from the samples directory. You can run devstack OK without local.sh (you just need local.conf). I think there is something in local.sh that uses the wrong version of Keystone.

local.sh just sets up some keys, a security rule and a new flavor size. Nothing you can't do by hand via Horizon.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for devstack because there has been no activity for 60 days.]

Changed in devstack:
status: Incomplete → Expired
Revision history for this message
Sudeep Batra (sudeep.batra) wrote :

It seems I had to source admin to make it work.
source ./accrc/admin/admin

source openrc didnt work for me ( for Ubuntu 14.04).

Revision history for this message
Yuri Ismailov (yuritrea) wrote :

Had the same problem installing Mitaka on Ubuntu 16.04.1 (Xenial)
Actually it seems to be reasonable as Mitaka does not support auth api v2 and v2, in turn, does not support domains in Openstack.
The work around I applied was to change line in stackrc file where the variable ENABLE_IDENTITY_V2 is set to "False" instead of to "True" as for original file
This does the work and probably should be like this for latest Openstack releases

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.