Multiple domains in keystone breaks in 12.0.6

Bug #1547542 reported by Major Hayden on 2016-02-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
High
Major Hayden
Liberty
High
Major Hayden
Trunk
High
Major Hayden

Bug Description

The changes in https://review.openstack.org/#/c/258015/ are helpful for enabling multi-domain support in Keystone in 12.0.6, but they leave the old /etc/keystone/domains/keystone.Default.conf behind in the Keystone containers. A problem happens when you have the following:

* Start with 12.0.5 or earlier
* Upgrade to 12.0.6
* Add an additional LDAP domain in Keystone

Keystone throws this error:

ERROR (InternalServerError): The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): ['/etc/keystone/domains/keystone.Default.conf']. (HTTP 500) (Request-ID: req-a09133eb-bf6c-4f88-9e15-43bc1e8794ad)

That's because the old /etc/keystone/domains/keystone.Default.conf is still present in the Keystone containers. Remove the file, restart Keystone, and the errors go away.

Changed in openstack-ansible:
assignee: nobody → Major Hayden (rackerhacker)

Fix proposed to branch: master
Review: https://review.openstack.org/282368

Changed in openstack-ansible:
status: New → In Progress
Major Hayden (rackerhacker) wrote :

This affects Mitaka, too.

Change abandoned by Major Hayden (<email address hidden>) on branch: master
Review: https://review.openstack.org/282368
Reason: Replaced by: https://review.openstack.org/#/c/287440/ and https://review.openstack.org/#/c/287444/

Reviewed: https://review.openstack.org/287440
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=299690795b500d5299940e214b1777bd85dfdc01
Submitter: Jenkins
Branch: master

commit 299690795b500d5299940e214b1777bd85dfdc01
Author: Major Hayden <email address hidden>
Date: Wed Mar 2 15:30:04 2016 -0600

    Remove dangling Default domain cfg file

    The multi-domain LDAP support added in
    Ifa4c42f7dbcc40a256a3156f74f0150384f9ab87 left behind a
    keystone.Default.conf file that causes Keystone errors when adding a
    new domain backed by LDAP. This patch removes the file unless the
    deployer has specifically created a domain called 'Default'.

    This is an IRR rework of change I50ca6c1133c663aa374e45a04f7d0d53171d6941.

    Closes-bug: 1547542

    Change-Id: I309ac13812c64c6e3df5cac6adff5fc68900af60

Changed in openstack-ansible:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/287444
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=ee58049ce02336c820c11b33d45399c93db84e3c
Submitter: Jenkins
Branch: master

commit ee58049ce02336c820c11b33d45399c93db84e3c
Author: Major Hayden <email address hidden>
Date: Wed Mar 2 15:16:57 2016 -0600

    Release notes for dangling domain fix

    This patch contains release notes for the fix proposed in
    change I309ac13812c64c6e3df5cac6adff5fc68900af60.

    Closes-bug: 1547542
    Depends-On: I309ac13812c64c6e3df5cac6adff5fc68900af60
    Change-Id: Id53fd741ed627b09527a7b742d59b61862f67381

Reviewed: https://review.openstack.org/288458
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=aafb287c649d5e2a90ddd03c7a88a13f20bd080f
Submitter: Jenkins
Branch: liberty

commit aafb287c649d5e2a90ddd03c7a88a13f20bd080f
Author: Major Hayden <email address hidden>
Date: Fri Mar 4 07:49:23 2016 -0600

    Remove dangling Default domain cfg file

    The multi-domain LDAP support added in 12.0.6 left behind a
    keystone.Default.conf file that causes Keystone errors when adding a
    new domain backed by LDAP. This patch removes the file unless the
    deployer has specifically created a domain called 'Default'.

    This is a combined backport of:
     - https://review.openstack.org/287440 (patch)
     - https://review.openstack.org/287444 (release notes)

    Closes-bug: 1547542

    Change-Id: I28cbd9afece968002db10e899c5172f1fd3dcc1a

This issue was fixed in the openstack/openstack-ansible 13.0.0 release.

This issue was fixed in the openstack/openstack-ansible 12.0.11 release.

This issue was fixed in the openstack/openstack-ansible 12.0.8 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers