Bug 1305918 - Don't recreate users in undercloud installer
Don't recreate users in undercloud installer
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: instack-undercloud (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: y3
: 7.0 (Kilo)
Assigned To: James Slagle
Alexander Chuzhoy
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-09 10:12 EST by James Slagle
Modified: 2016-02-18 11:53 EST (History)
3 users (show)

See Also:
Fixed In Version: instack-undercloud-2.1.2-39.el7ost
Doc Type: Bug Fix
Doc Text:
The Undercloud installation script recreated users on subsequent runs. This causes the service user IDs to change, which causes trust issues for running certain services. This fix stops the installation script from recreating users. Now service user IDs remain consistent with their respective services.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-18 11:53:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0264 normal SHIPPED_LIVE Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory 2016-02-18 16:41:29 EST

  None (edit)
Description James Slagle 2016-02-09 10:12:59 EST
The undercloud installer will recreate users on subsequent runs. We should not do this since some services record the user id on initial db setup (Heat for instance to set up the trust). When the user's are recreated, the id's change, leaving the Heat trust broken.
Comment 3 James Slagle 2016-02-10 11:58:38 EST
to verify:
- install the undercloud
- against the undercloud run keystone user-list and save the output
- do an overcloud deployment using network isolation
- rerun the undercloud installer (openstack undercloud install). you could also incorporate updating the undercloud at this step if you wanted.
- against the undercloud run keystone user-list and compare the output to the previous run, verify the usernames and id's are the same as they were
- update the overcloud somewhow, either a small config change or scale out (deploy command) or a full overcloud package update (update command)

whatever overcloud command you choose, it should complete successfully.
Comment 4 Alexander Chuzhoy 2016-02-12 21:53:30 EST
Verified:

Environment:
instack-undercloud-2.1.2-39.el7ost.noarch


- installed the undercloud
- against the undercloud ran keystone user-list and saved the output
- did an overcloud deployment using network isolation
- reran the undercloud installer (openstack undercloud install).
- against the undercloud ran keystone user-list and compared the output to the previous run, verify the usernames and id's are the same as they were - basically ran diff on the 2 outputs - no differences.
- updated the overcloud by scale out computes. Completed successfully.
Comment 6 errata-xmlrpc 2016-02-18 11:53:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html

Note You need to log in before you can comment on or make changes to this bug.