The undercloud installer will recreate users on subsequent runs. We should not do this since some services record the user ID on initial db setup (Heat for instance to set up the trust). When the users are recreated, the IDs change, leaving the Heat trust broken.
To verify:
- install the undercloud
- against the undercloud run keystone user-list and save the output
- do an overcloud deployment using network isolation
- rerun the undercloud installer (openstack undercloud install). You could also incorporate updating the undercloud at this step if you wanted.
- against the undercloud run keystone user-list and compare the output to the previous run, verify the usernames and IDs are the same as they were
- update the overcloud somehow, either a small config change or scale out (deploy command) or a full overcloud package update (update command). Whatever overcloud command you choose, it should complete successfully.
Verified:
Environment: instack-undercloud-2.1.2-39.el7ost.noarch
- installed the undercloud
- against the undercloud ran keystone user-list and saved the output
- did an overcloud deployment using network isolation
- reran the undercloud installer (openstack undercloud install).
- against the undercloud ran keystone user-list and compared the output to the previous run, verified the usernames and IDs are the same as they were - basically ran diff on the 2 outputs - no differences.
- updated the overcloud by scaling out computes. Completed successfully.
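
The comparison step in the verification above can be made independent of row order by matching users on name, so that a recreated user shows up as an ID change and not just a differing line. This is an added example, not part of the bug report or the installer; the function names, file names and sample IDs are constructed, and it assumes the saved output is the usual `keystone user-list` table with `id` and `name` as the first two columns.

```shell
#!/bin/sh
# Compare two saved `keystone user-list` tables by user name, independent of row order.
export LC_ALL=C   # same collation for sort and join

# Print "name id" for each data row of a saved table, sorted by name.
# Assumption: user names contain no whitespace.
user_ids() {
    awk -F'|' 'NF >= 4 {
        id = $2; name = $3
        gsub(/^ +| +$/, "", id); gsub(/^ +| +$/, "", name)
        if (id != "" && id != "id") print name, id
    }' "$1" | sort
}

# Print one line per user whose ID differs between the two files
# (MISSING marks a user present in only one). Returns 1 if any differ.
compare_user_ids() {
    tmp=$(mktemp -d) || return 2
    user_ids "$1" > "$tmp/before"
    user_ids "$2" > "$tmp/after"
    changed=$(join -a 1 -a 2 -e MISSING -o 0,1.2,2.2 "$tmp/before" "$tmp/after" |
        awk '$2 != $3 { print $1 ": " $2 " -> " $3 }')
    rm -rf "$tmp"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Constructed sample tables (IDs are made up). after_ok.txt has the same users
# in a different row order; in after_bad.txt the heat user has a new ID.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/before.txt" <<'EOF'
+----------------------------------+-------+---------+-------+
|                id                |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| 11111111111111111111111111111111 | admin |   True  |       |
| 22222222222222222222222222222222 |  heat |   True  |       |
+----------------------------------+-------+---------+-------+
EOF
awk 'NR==4 {h=$0; next} {print} NR==5 {print h}' "$SAMPLES/before.txt" > "$SAMPLES/after_ok.txt"
sed 's/2\{32\}/33333333333333333333333333333333/' "$SAMPLES/before.txt" > "$SAMPLES/after_bad.txt"

compare_user_ids "$SAMPLES/before.txt" "$SAMPLES/after_ok.txt" && echo "IDs unchanged"
compare_user_ids "$SAMPLES/before.txt" "$SAMPLES/after_bad.txt" || echo "IDs changed"
```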
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0264.html