Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1101784

Summary: [Doc] Install guide specifies both token and user credentials
Product: Red Hat OpenStack Reporter: Jamie Lennox <jlennox>
Component: doc-Installation_and_Configuration_GuideAssignee: Suyog Sainkar <ssainkar>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jjozwiak, nkinder, perobins, yeylon
Target Milestone: asyncKeywords: Documentation, Triaged
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build Name: 22620, Installation and Configuration Guide-5 Build Date: 12-05-2014 10:57:46 Topic ID: 15986-622684 [Latest]
Last Closed: 2015-03-09 03:28:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1188649    

Description Jamie Lennox 2014-05-27 22:59:29 UTC 
First reported: https://bugzilla.redhat.com/show_bug.cgi?id=1101320

Title: Create an Administrator Account

Describe the issue:
When using the keystone CLI tool if you specify both a service token and a username and password combo then it will default to using the token. When using a TOKEN there are some operations that cannot be performed via the command line tool.

If you follow the instructions as provided and then try to do (for example) a token-get it will fail.

Suggestions for improvement:
when you create the keystonerc_admin and keystonerc_user you should unset the SERVICE_TOKEN env variable so that sourcing the file ensures that the user credentials will be used. 

eg step 7 creates keystonerc_admin: 

unset SERVICE_TOKEN
unset SERVICE_ENDPOINT
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://IP:35357/v2.0/               
export PS1='[\u@\h \W(keystone_admin)]\$ '

Additional information:

Note you really should be using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT env variables rather than the SERVICE_TOKEN and SERVICE_ENDPOINT env variables.
Comment 2 Bruce Reeler 2014-05-28 01:50:13 UTC 
This bug is being assigned to breeler, who is now the designated docs specialist for keystone.
Comment 4 Andrew Dahms 2015-02-08 22:37:30 UTC 
*** Bug 1013088 has been marked as a duplicate of this bug. ***
Comment 5 Andrew Dahms 2015-02-08 22:39:07 UTC 
This issue was also reported in 2013 as appearing in section 5.10 in BZ#1013088.

Section Number and Name: 5.10 Validating the Identity Service Installation

Describe the issue: If you follow the steps in chapter 5 for installing the Openstack Identity Service, the validation in section 5.10 fails on both the keystonerc_user being able to see users in the user-list as well as the keystone token-get failing.

Suggestions for improvement: The problem is due to SERVICE_TOKEN and SERVICE_ENDPOINT still being set from section 5.6. Add an additional step either after 5.6 on in 5.10 before doing any validation to unset the variables: unset SERVICE_TOKEN unset SERVICE_ENDPOINT

Additional information: Here is the error given when running the keystone token-get:

[root@hostname ~(keystone_admin)]# keystone token-get WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example.
Comment 6 Andrew Dahms 2015-02-08 22:40:05 UTC 
*** Bug 1077658 has been marked as a duplicate of this bug. ***
Comment 7 Andrew Dahms 2015-02-08 22:40:33 UTC 
Assigning to Suyog, who is the designated author for Keystone.