1305918 – Don't recreate users in undercloud installer

Bug 1305918 - Don't recreate users in undercloud installer

Summary: Don't recreate users in undercloud installer

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	instack-undercloud
Sub Component:
Version:	7.0 (Kilo)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	y3
Target Release:	7.0 (Kilo)
Assignee:	James Slagle
QA Contact:	Alexander Chuzhoy
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-09 15:12 UTC by James Slagle
Modified:	2016-02-18 16:53 UTC (History)
CC List:	3 users (show)
Fixed In Version:	instack-undercloud-2.1.2-39.el7ost
Doc Type:	Bug Fix
Doc Text:	The Undercloud installation script recreated users on subsequent runs. This causes the service user IDs to change, which causes trust issues for running certain services. This fix stops the installation script from recreating users. Now service user IDs remain consistent with their respective services.
Clone Of:
Environment:
Last Closed:	2016-02-18 16:53:01 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0264	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OSP 7 director Bug Fix Advisory	2016-02-18 21:41:29 UTC

Description James Slagle 2016-02-09 15:12:59 UTC

The undercloud installer will recreate users on subsequent runs. We should not do this since some services record the user id on initial db setup (Heat for instance to set up the trust). When the user's are recreated, the id's change, leaving the Heat trust broken.

Comment 3 James Slagle 2016-02-10 16:58:38 UTC

to verify:
- install the undercloud
- against the undercloud run keystone user-list and save the output
- do an overcloud deployment using network isolation
- rerun the undercloud installer (openstack undercloud install). you could also incorporate updating the undercloud at this step if you wanted.
- against the undercloud run keystone user-list and compare the output to the previous run, verify the usernames and id's are the same as they were
- update the overcloud somewhow, either a small config change or scale out (deploy command) or a full overcloud package update (update command)

whatever overcloud command you choose, it should complete successfully.

Comment 4 Alexander Chuzhoy 2016-02-13 02:53:30 UTC

Verified:

Environment:
instack-undercloud-2.1.2-39.el7ost.noarch


- installed the undercloud
- against the undercloud ran keystone user-list and saved the output
- did an overcloud deployment using network isolation
- reran the undercloud installer (openstack undercloud install).
- against the undercloud ran keystone user-list and compared the output to the previous run, verify the usernames and id's are the same as they were - basically ran diff on the 2 outputs - no differences.
- updated the overcloud by scale out computes. Completed successfully.

Comment 6 errata-xmlrpc 2016-02-18 16:53:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0264.html

Note You need to log in before you can comment on or make changes to this bug.