Bug 1305918 - Don't recreate users in undercloud installer
Summary: Don't recreate users in undercloud installer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: instack-undercloud
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: y3
: 7.0 (Kilo)
Assignee: James Slagle
QA Contact: Alexander Chuzhoy
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-09 15:12 UTC by James Slagle
Modified: 2016-02-18 16:53 UTC (History)
3 users (show)

Fixed In Version: instack-undercloud-2.1.2-39.el7ost
Doc Type: Bug Fix
Doc Text:
The Undercloud installation script recreated users on subsequent runs. This causes the service user IDs to change, which causes trust issues for running certain services. This fix stops the installation script from recreating users. Now service user IDs remain consistent with their respective services.
Clone Of:
Environment:
Last Closed: 2016-02-18 16:53:01 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0264 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory 2016-02-18 21:41:29 UTC

Description James Slagle 2016-02-09 15:12:59 UTC
The undercloud installer will recreate users on subsequent runs. We should not do this since some services record the user id on initial db setup (Heat for instance to set up the trust). When the user's are recreated, the id's change, leaving the Heat trust broken.

Comment 3 James Slagle 2016-02-10 16:58:38 UTC
to verify:
- install the undercloud
- against the undercloud run keystone user-list and save the output
- do an overcloud deployment using network isolation
- rerun the undercloud installer (openstack undercloud install). you could also incorporate updating the undercloud at this step if you wanted.
- against the undercloud run keystone user-list and compare the output to the previous run, verify the usernames and id's are the same as they were
- update the overcloud somewhow, either a small config change or scale out (deploy command) or a full overcloud package update (update command)

whatever overcloud command you choose, it should complete successfully.

Comment 4 Alexander Chuzhoy 2016-02-13 02:53:30 UTC
Verified:

Environment:
instack-undercloud-2.1.2-39.el7ost.noarch


- installed the undercloud
- against the undercloud ran keystone user-list and saved the output
- did an overcloud deployment using network isolation
- reran the undercloud installer (openstack undercloud install).
- against the undercloud ran keystone user-list and compared the output to the previous run, verify the usernames and id's are the same as they were - basically ran diff on the 2 outputs - no differences.
- updated the overcloud by scale out computes. Completed successfully.

Comment 6 errata-xmlrpc 2016-02-18 16:53:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html


Note You need to log in before you can comment on or make changes to this bug.