puppet-keystone

default domain must be set first

Bug #1478037 reported by Richard Megginson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-keystone
Fix Released
Critical
Emilien Macchi

Bug Description

When using::

    class { 'keystone':
      ...
      default_domain => 'some_other_domain',
    }

or::

    keystone_domain { 'some_other_domain':
      ...
      is_default => true,
    }

the default_domain setting is not being applied before any domain scoped resource - keystone_user, keystone_tenant, (and keystone_group, and possibly others in the future). This causes errors like this::

    # openstack --os-username admin --os-password password --os-project-name admin ...
    Error: user 'admin' not found

because the user 'admin' is in the domain 'Default', not in 'some_other_domain'.

We need to have a way to make sure that `keystone_domain { ... is_default => true , }` is applied before all other domain scoped resources.

If that is not possible, then we will have to make sure that `class { 'keystone': default_domain => 'some_domain' }` is applied before all domain scoped resources.

Emilien Macchi (emilienm)
Changed in puppet-keystone:
importance: Undecided → Critical
assignee: nobody → Emilien Macchi (emilienm)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/205648

Changed in puppet-keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/205648
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=50059b6c470623bc2cf315861c7ba2a28b8954c4
Submitter: Jenkins
Branch: master

commit 50059b6c470623bc2cf315861c7ba2a28b8954c4
Author: Emilien Macchi <email address hidden>
Date: Fri Jul 24 14:24:37 2015 -0400

    v3: make sure default domain is created before any other resource

    When using Keystone v3 and domains, we need to make sure the default
    domain (if its name if not 'Default') is created before any other
    domain scoped resource.

    By creating a new anchor, we can add the requirement in Keystone types
    that need this dependency.
    If the default domain name is not modified, the Anchor won't be in the
    catalog but it's not an issue when using 'autorequire' in Puppet types.

    This patch also change the default domains in acceptance tests, so we
    can actually test the feature and make sure resources are created after
    having the default domain created.

    Change-Id: I2870eaa98f816c92df901ed2fa92e8db89b67656
    Closes-bug: #1478037

Changed in puppet-keystone:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-keystone (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/207444

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (stable/kilo)

Reviewed: https://review.openstack.org/207444
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=59d18c1969d33c1e63adfa19c1e3a3b7be526370
Submitter: Jenkins
Branch: stable/kilo

commit 59d18c1969d33c1e63adfa19c1e3a3b7be526370
Author: Emilien Macchi <email address hidden>
Date: Fri Jul 24 14:24:37 2015 -0400

    v3: make sure default domain is created before any other resource

    When using Keystone v3 and domains, we need to make sure the default
    domain (if its name if not 'Default') is created before any other
    domain scoped resource.

    By creating a new anchor, we can add the requirement in Keystone types
    that need this dependency.
    If the default domain name is not modified, the Anchor won't be in the
    catalog but it's not an issue when using 'autorequire' in Puppet types.

    This patch also change the default domains in acceptance tests, so we
    can actually test the feature and make sure resources are created after
    having the default domain created.

    Change-Id: I2870eaa98f816c92df901ed2fa92e8db89b67656
    Closes-bug: #1478037
    (cherry picked from commit 50059b6c470623bc2cf315861c7ba2a28b8954c4)

tags: added: in-stable-kilo
Emilien Macchi (emilienm)
Changed in puppet-keystone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.