2016-01-19 01:21:32 |
Dave Chen |
description |
If `keystone-manage bootstrap` fails with the role already exists (this may happen if someone use OSC CLI created a role but someone else want to boostrap a set of `user`, `project` or `role` without aware of the role has already created.), the project or user can still be created successfully.
And then if redefine the role, `keystone-manage bootstrap` will still fail since `user`, `project` have been created, but `keystone-manage bootstrap` cannot handle with this.
See the example:
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name admin --bootstrap-password abc123
25784 TRACE keystone details=_('Duplicate Entry'))
25784 TRACE keystone Conflict: Conflict occurred attempting to store role - Duplicate Entry
25784 TRACE keystone
change the role to `bootstrap_role` ...
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name bootstrap_role --bootstrap-password abc123
25813 TRACE keystone details=_('Duplicate Entry'))
25813 TRACE keystone Conflict: Conflict occurred attempting to store project - Duplicate Entry
25813 TRACE keystone
So, if we want to boostrap again, we need delete project, user manually, this is not friendly to end user.
`keystone-manage bootstrap` should not create any `user`, `project` if the command is not executed successfully. |
If `keystone-manage bootstrap` fails with the role already exists (this may happen if someone use OSC CLI created a role but someone else want to boostrap a set of `user`, `project` or `role` without aware of the role has already created.), the project or user can still be created successfully.
And then if redefine the role, `keystone-manage bootstrap` will still fail since `user`, `project` have been created, but `keystone-manage bootstrap` cannot handle with this.
See the example:
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name admin --bootstrap-password abc123
25784 TRACE keystone details=_('Duplicate Entry'))
25784 TRACE keystone Conflict: Conflict occurred attempting to store role - Duplicate Entry
25784 TRACE keystone
change the role to `bootstrap_role` ...
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name bootstrap_role --bootstrap-password abc123
25813 TRACE keystone details=_('Duplicate Entry'))
25813 TRACE keystone Conflict: Conflict occurred attempting to store project - Duplicate Entry
25813 TRACE keystone
So, if we want to boostrap again, we need delete project, user manually, this is not friendly to end user.
`keystone-manage bootstrap` should not create any `user`, `project` if the command is not executed successfully.
According to the comments from Morgan, the `user`, `project` or `role` should be created but the real issue is that assignment cannot be created if either of them exists, see the comments #2 for the updated. |
|