Keystone v3 does not automatically create _member_ role

Bug #1474916 reported by Ian Cordasco on 2015-07-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
High
Ian Cordasco
Kilo
High
Ian Cordasco
Trunk
High
Ian Cordasco

Bug Description

We previously relied on Keystone v2 automatically creating the _member_ role on first use. Keystone v3 does not include this behaviour. We need to create the _member_ role as a part of the playbooks. We also need to make sure that users created a default_project_id have authorization on that project.

Fix proposed to branch: master
Review: https://review.openstack.org/202194

Changed in openstack-ansible:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/202194
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=e96a86a407dbdc71da45017c3b421b99f130fd6a
Submitter: Jenkins
Branch: master

commit e96a86a407dbdc71da45017c3b421b99f130fd6a
Author: Ian Cordasco <email address hidden>
Date: Wed Jul 15 12:07:08 2015 -0500

    Add default user role for Keystone & Horizon and tasks to create it

    In Keystone v3, the _member_ role is not implicitly created on first
    use like it is in v2.

    This patch adds variables to define the default role name for users:
     - keystone_default_role_name:
       this is the default role name from Keystone's point of view
     - horizon_default_role_name:
       this is the default user role from Horizon's point of view

    Both Keystone and Horizon's tasks ensure that the role they're using
    are registered in the Keystone database.

    To maintain backwards compatibility the default value for both
    variables is '_member_'.

    DocImpact
    Closes-bug: 1474916
    Change-Id: Ie01e1771c0b435815dfe55fc0ba9a6d803ebe958

Changed in openstack-ansible:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/215900
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=693016a67793d3f4abd9369848987440e46c9fd5
Submitter: Jenkins
Branch: kilo

commit 693016a67793d3f4abd9369848987440e46c9fd5
Author: Ian Cordasco <email address hidden>
Date: Wed Jul 15 12:07:08 2015 -0500

    Add default user role for Keystone & Horizon and tasks to create it

    In Keystone v3, the _member_ role is not implicitly created on first
    use like it is in v2.

    This patch adds variables to define the default role name for users:
     - keystone_default_role_name:
       this is the default role name from Keystone's point of view
     - horizon_default_role_name:
       this is the default user role from Horizon's point of view

    Both Keystone and Horizon's tasks ensure that the role they're using
    are registered in the Keystone database.

    To maintain backwards compatibility the default value for both
    variables is '_member_'.

    DocImpact
    Closes-bug: 1474916
    Change-Id: Ie01e1771c0b435815dfe55fc0ba9a6d803ebe958
    (cherry picked from commit e96a86a407dbdc71da45017c3b421b99f130fd6a)

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers