module: keystone fails when login_user is not in Default domain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Undecided
|
Gabor Lekeny |
Bug Description
If user or project domain is not the default ("Default") than authenticating with login_user without adding the proper domains causes the following error:
keystoneauth1.
Example (http://
- name: create domain
keystone:
command: ensure_domain
endpoint: "http://{{ management_ip }}:35357/v3"
token: "{{ keystone_
domain_name: default
domain_enabled: True
- name: create project
keystone:
command: ensure_project
endpoint: "http://{{ management_ip }}:35357/v3"
token: "{{ keystone_
project_name: admin
domain_name: default
description: "Admin Project"
- name: create user
keystone:
command: ensure_user
endpoint: "http://{{ management_ip }}:35357/v3"
token: "{{ keystone_
user_name: admin
password: "{{ keystone_
project_name: admin
domain_name: default
- name: create role
keystone:
command: ensure_role
endpoint: "http://{{ management_ip }}:35357/v3"
token: "{{ keystone_
role_name: admin
- name: create user_role
keystone:
command: ensure_user_role
endpoint: "http://{{ management_ip }}:35357/v3"
token: "{{ keystone_
user_name: admin
project_name: admin
role_name: admin
- name: check
keystone:
command: get_user
endpoint: "http://{{ management_ip }}:35357/v3"
login_user: admin
login_password: "{{ keystone_
login_
user_name: admin
Output:
$ ansible-playbook test.yml
PLAY [keystone] *******
TASK [os-keystone : create domain] *******
ok: [controller]
TASK [os-keystone : create project] *******
ok: [controller]
TASK [os-keystone : create user] *******
ok: [controller]
TASK [os-keystone : create role] *******
ok: [controller]
TASK [os-keystone : create user_role] *******
ok: [controller]
TASK [os-keystone : check] *******
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: keystoneauth1.
fatal: [controller]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"<stdin>\", line 3317, in <module>\n File \"<stdin>\", line 1329, in main\n File \"<stdin>\", line 471, in command_router\n File \"<stdin>\", line 703, in get_user\n File \"<stdin>\", line 587, in _authenticate\n File \"/usr/
NO MORE HOSTS LEFT *******
to retry, use: --limit @test.retry
PLAY RECAP *******
controller : ok=5 changed=0 unreachable=0 failed=1
Solution: setting user_domain_name and project_domain_name in library/keystone solves the problem.
)
Changed in openstack-ansible: | |
assignee: | nobody → Gabor Lekeny (gabor.lekeny) |
Fix proposed to branch: master /review. openstack. org/309690
Review: https:/