Description of problem: Octavia roles are not created . Failed running tests. ERROR: setUpClass (octavia_tempest_plugin.tests.v2.scenario.test_basic_ops.BasicOpsTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "tempest/test.py", line 172, in setUpClass six.reraise(etype, value, trace) File "tempest/test.py", line 157, in setUpClass cls.setup_credentials() File "tempest/test.py", line 401, in setup_credentials force_new=True) File "tempest/test.py", line 670, in get_client_manager creds = cred_provider.get_creds_by_roles(**params) File "tempest/lib/common/dynamic_creds.py", line 373, in get_creds_by_roles return self.get_credentials(roles) File "tempest/lib/common/dynamic_creds.py", line 338, in get_credentials credentials = self._create_creds(roles=credential_type) File "tempest/lib/common/dynamic_creds.py", line 203, in _create_creds self.creds_client.assign_user_role(user, project, role) File "tempest/lib/common/cred_client.py", line 76, in assign_user_role raise lib_exc.NotFound(msg) tempest.lib.exceptions.NotFound: Object not found Details: No "load-balancer_member" role found How reproducible: 100% Steps to Reproduce: 1. Create tempest docker - https://github.com/itzikb/docker-tempest 2. clone octavia plugin https://github.com/openstack/octavia-tempest-plugin.git 3. Cherry pick the plugin patch - git fetch https://git.openstack.org/openstack/octavia-tempest-plugin refs/changes/75/486775/39 && git checkout FETCH_HEAD 4. pip install -e . from plugin dir, to install plugin. 5. try to run Octavia test. Actual results: Details: No "load-balancer_member" role found Expected results: The test should run Additional info: Work around : 0. from stack machine: a- . overcloudrc , b- openstack role create load-balancer_member , c- openstack role add --user demo --project demo load-balancer_member 1. int the plugin dir - pip install -e . 2. Run test
python-tempestconf doesn't create roles, it mostly scans the environment and generates tempest.conf based on the cloud. Personally I like the idea, I'd like to implement it. It will be discussed and maybe it will be part of the ongoing refactoring process, but for now, it's not a bug. I'd say the role should be created by the test, as it's a required resource, and cleaned afterwards.
As a follow up to our IRC discussion, this should be done by the deployer. Moving to Brent.
Mail, not IRC. Sorry.
A workaround patch in Infrared has been proposed: https://review.gerrithub.io/#/c/404354/
The patch in comment #7 is actually a workaround done in infrared (CI tool we use to invoke TripleO), whereas the fix should be a part of TripleO itself. Thus, moving back to assigned. Brent, will you have time to get to this soon?
*** Bug 1560279 has been marked as a duplicate of this bug. ***
Brent, If we can't get cycles upstream for a review to https://review.openstack.org/#/c/561347 , maybe we should backport downstream? I can help with the backport, but I would like to run it by you first.
https://review.openstack.org/#/c/560083/ is also required.
(In reply to Carlos Goncalves from comment #13) > https://review.openstack.org/#/c/560083/ is also required. since this fix is a part of tripleo-heat-templates (not puppet-octavia), it should be under a different rhbz.
Eventually, for OSP13 we are going to fix this with policy.json in packaging. See bug 1577635.
Running octavia tempest tests, after first workaround, still returns: No "load-balancer_admin" role found So the updated workaround is: (overcloud) [stack@undercloud-0]$ openstack role list | grep -q load-balancer_member || openstack role create load-balancer_member openstack role add --user demo --project demo load-balancer_member openstack role assignment list --names openstack role list | grep -q load-balancer_admin || openstack role create load-balancer_admin openstack role add --user demo --project demo load-balancer_admin openstack role assignment list --names | awk 'NR<4 || /load-balancer/'