Reviewed: https://review.openstack.org/143215 Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=14e6c86d5a457dbbb90690d55655a4532919255a Submitter: Jenkins Branch: master
commit 14e6c86d5a457dbbb90690d55655a4532919255a Author: Matthew Kassawara <[email protected]> Date: Fri Dec 19 16:30:53 2014 -0600 Fix conflicts with _member_ role creation Historically, the installation guide manually created the internal _member_ role to resolve issues with horizon. However, keystone will preferably create the _member_ role automatically if the 'user-create' command includes the '--tenant' option. Change-Id: I1a67db2b6aa6a8e2bfd76cc80db1fb09fa353986 Closes-Bug: #1403136 backport: juno ** Changed in: openstack-manuals Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1403136 Title: Create tenants, users, and roles in OpenStack Installation Guide for Ubuntu 14.04 - juno Status in OpenStack Identity (Keystone): In Progress Status in OpenStack Manuals: Fix Released Bug description: "e. By default, the dashboard limits access to users with the _member_ role. Create the _member_ role:" The first sentence is true, but keystone will automatically create the _member_ role if it does not exist. I discovered this while tracking down an error: "keystone user- create" resulted in a "duplicate entry" error. The sequence is like this: 1) As described in the doc, I run "keystone role-create --name _member_". The role is created and assigned a random ID. 2) On "user-create", keystone wants to assign the _member_ role to the new user. It looks up member_role_id in keystone.conf, finds none (the member_role_id does not match the ID from step 1) 3) keystone now tries to create the _member_ role, but this fails since the name already exists. So by not creating the "_member_" role myself, the problem is averted. That's why I'm opening a bug against docs.... another fix would be for keystone to do the lookup by name instead, but I assume the keystone team has a good reason for not doing so. I'm using the v2 API with SQL backend. ----------------------------------- Built: 2014-12-09T01:28:32 00:00 git SHA: 6d3c276487be990722bc423642ffb05217d77289 URL: http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/install-guide/section_keystone-users.xml xml:id: keystone-users To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1403136/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
