Set OpenStack service usernames and passwords to reference their own variables and work with LDAP Keystone Identity Backend

Bug #1519174 reported by James Thorne
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack-Ansible | Fix Released | High | Kevin Carter | |
| Kilo | Fix Released | High | Jesse Pretorius | |
| Liberty | Fix Released | High | Jesse Pretorius | |
| Trunk | Fix Released | High | Kevin Carter | |

Bug Description

With the changes to allow modifying the OpenStack service usernames and passwords, a handful of Playbooks did not reference their respective variables. This bug report fixes that handful of cases.

Typically, the OpenStack service usernames and passwords will be changed when backing the Keystone Identity service with LDAP. This bug report also includes fixes to not run the "Ensure project user" and "Ensure project user to admin role" Ansible tasks when the Keystone Identity is backed by LDAP. Those Ansible tasks will fail unless the OpenStack service usernames and passwords are changed prior to configuring LDAP. It seems more prudent to not change the OpenStack service usernames and passwords beforehand so you still have the ability to easily remove LDAP and go back to a prior working default state.

This bug report replaces the following three bug reports:

https://bugs.launchpad.net/openstack-ansible/+bug/1518162

https://bugs.launchpad.net/openstack-ansible/+bug/1518169

https://bugs.launchpad.net/openstack-ansible/+bug/1518168
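
The two fixes described in this report, sketched as an added example (not the project's own task files): service account names come from variables, and the keystone user tasks are skipped when the identity backend is LDAP. The `keystone` module arguments and the `glance_*` variable names, including the `glance_service_in_ldap` flag, are assumptions chosen for illustration.

```yaml
# Illustrative only: module arguments and variable names are assumptions.

# --- role defaults (hypothetical) ---
glance_service_user_name: glance
glance_service_project_name: service
glance_role_name: admin
# Set to true when the service account already lives in LDAP.
glance_service_in_ldap: false

# --- before: literal account name, task always runs ---
# With an LDAP identity backend this task fails, because the
# service user is not in the SQL backend.
- name: Ensure glance user
  keystone:
    command: "ensure_user"
    user_name: "glance"            # hard-coded, ignores any override
    tenant_name: "service"
    password: "{{ glance_service_password }}"

# --- after: variables everywhere, guarded by the LDAP flag ---
- name: Ensure glance user
  keystone:
    command: "ensure_user"
    user_name: "{{ glance_service_user_name }}"
    tenant_name: "{{ glance_service_project_name }}"
    password: "{{ glance_service_password }}"
  # Skipped when the account is managed in LDAP, so the default
  # credentials stay untouched and LDAP can be removed later.
  when: not glance_service_in_ldap | bool

- name: Ensure glance user to admin role
  keystone:
    command: "ensure_user_role"
    user_name: "{{ glance_service_user_name }}"
    tenant_name: "{{ glance_service_project_name }}"
    role_name: "{{ glance_role_name }}"
  when: not glance_service_in_ldap | bool
```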

James Thorne (james-thorne) wrote :

Jesse Pretorius (jesse-pretorius) wrote :

Jesse Pretorius (jesse-pretorius) wrote :

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/248900
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=2559ed4f13cd242c9f02cd023a7242db56650b0d
Submitter: Jenkins
Branch: master

commit 2559ed4f13cd242c9f02cd023a7242db56650b0d
Author: Kevin Carter <email address hidden>
Date: Mon Nov 23 14:35:16 2015 -0600

    Fixes playbook runtime issues with ldap

    When using an LDAP backend the playbooks fail when "ensuring.*"
    which is a keystone client action. The reason for the failure is
    related to how ldap backend, and is triggered when the service
    users are within the ldap and not SQL. To resolve the issue a boolean
    conditional was created on the various OS_.* roles to skip specific
    tasks when the service users have already been added into LDAP.

    Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Signed-off-by: Kevin Carter <email address hidden>

Changed in openstack-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/238509
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=f490880abecd5d3e2acf2642024dab7a02c08975
Submitter: Jenkins
Branch: master

commit f490880abecd5d3e2acf2642024dab7a02c08975
Author: Kevin Carter <email address hidden>
Date: Fri Nov 20 11:59:12 2015 -0600

    Keystone domain fix

    The keystone module is not able to function when using Keystone
    and the multi-domain backend. This issue is caused because the
    domain argument is not passed into the client calls. To resolve
    this issue the module has been updated to pass through the domain
    to the various client calls where needed.

    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Change-Id: Ie19f1658d770cc421e23ebb59e658624cf668840
    Co-Authored-By: Tiago Gomes <email address hidden>
    Co-Authored-By: Ian Cordasco <email address hidden>
    Signed-off-by: Kevin Carter <email address hidden>

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (kilo)

Reviewed: https://review.openstack.org/238515
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=123f243b8ab90ca46fb388a50b9c6a71550cc360
Submitter: Jenkins
Branch: kilo

commit 123f243b8ab90ca46fb388a50b9c6a71550cc360
Author: Kevin Carter <email address hidden>
Date: Fri Nov 20 11:59:12 2015 -0600

    Keystone domain fix

    The keystone module is not able to function when using Keystone
    and the multi-domain backend. This issue is caused because the
    domain argument is not passed into the client calls. To resolve
    this issue the module has been updated to pass through the domain
    to the various client calls where needed.

    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Change-Id: Ie19f1658d770cc421e23ebb59e658624cf668840
    Co-Authored-By: Tiago Gomes <email address hidden>
    Co-Authored-By: Ian Cordasco <email address hidden>
    Signed-off-by: Kevin Carter <email address hidden>
    (cherry picked from commit f490880abecd5d3e2acf2642024dab7a02c08975)

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/253658
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=b73c95d80a202cc5df61760bb706ec65a2b44783
Submitter: Jenkins
Branch: kilo

commit b73c95d80a202cc5df61760bb706ec65a2b44783
Author: Kevin Carter <email address hidden>
Date: Mon Nov 23 14:35:16 2015 -0600

    Fixes playbook runtime issues with ldap

    When using an LDAP backend the playbooks fail when "ensuring.*"
    which is a keystone client action. The reason for the failure is
    related to how ldap backend, and is triggered when the service
    users are within the ldap and not SQL. To resolve the issue a boolean
    conditional was created on the various OS_.* roles to skip specific
    tasks when the service users have already been added into LDAP.

    Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Signed-off-by: Kevin Carter <email address hidden>
    (cherry picked from commit 2559ed4f13cd242c9f02cd023a7242db56650b0d)
    Signed-off-by: Kevin Carter <email address hidden>

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (liberty)

Reviewed: https://review.openstack.org/255204
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=b6c8ed850c48ec0595374135b486607723f676e4
Submitter: Jenkins
Branch: liberty

commit b6c8ed850c48ec0595374135b486607723f676e4
Author: Kevin Carter <email address hidden>
Date: Mon Nov 23 14:35:16 2015 -0600

    Fixes playbook runtime issues with ldap

    When using an LDAP backend the playbooks fail when "ensuring.*"
    which is a keystone client action. The reason for the failure is
    related to how ldap backend, and is triggered when the service
    users are within the ldap and not SQL. To resolve the issue a boolean
    conditional was created on the various OS_.* roles to skip specific
    tasks when the service users have already been added into LDAP.

    Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Signed-off-by: Kevin Carter <email address hidden>
    (cherry picked from commit 2559ed4f13cd242c9f02cd023a7242db56650b0d)

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/256024
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=fb4a381b227a2cb639c37b97bdc97b82f155b8bc
Submitter: Jenkins
Branch: liberty

commit fb4a381b227a2cb639c37b97bdc97b82f155b8bc
Author: Kevin Carter <email address hidden>
Date: Fri Nov 20 11:59:12 2015 -0600

    Keystone domain fix

    The keystone module is not able to function when using Keystone
    and the multi-domain backend. This issue is caused because the
    domain argument is not passed into the client calls. To resolve
    this issue the module has been updated to pass through the domain
    to the various client calls where needed.

    Closes-Bug: #1518351
    Closes-Bug: #1519174
    Change-Id: Ie19f1658d770cc421e23ebb59e658624cf668840
    Co-Authored-By: Tiago Gomes <email address hidden>
    Co-Authored-By: Ian Cordasco <email address hidden>
    Signed-off-by: Kevin Carter <email address hidden>
    (cherry picked from commit f490880abecd5d3e2acf2642024dab7a02c08975)

Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.11

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 12.0.8

This issue was fixed in the openstack/openstack-ansible 12.0.8 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.12

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 12.0.9

This issue was fixed in the openstack/openstack-ansible 12.0.9 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 13.0.0

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.

Davanum Srinivas (DIMS) (dims-v) wrote :

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.

Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 12.0.11

This issue was fixed in the openstack/openstack-ansible 12.0.11 release.

Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.15

This issue was fixed in the openstack/openstack-ansible 11.2.15 release.
