Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1523192

Summary: rhel-osp-director: stack update fails, times out due to os-collect-config auth failure
Product: Red Hat OpenStack Reporter: Irina Petrova <ipetrova>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED NOTABUG QA Contact: Amit Ugol <augol>
Severity: urgent Docs Contact:
Priority: high    
Version: 8.0 (Liberty)CC: dbecker, ggillies, ipetrova, jcoufal, jschluet, mburns, mcornea, morazi, nkinder, ohochman, ramishra, rhel-osp-director-maint, sasha, sathlang, sbaker, shardy, therve, zbitter
Target Milestone: asyncKeywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1325475 Environment:
Last Closed: 2017-12-07 17:28:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1325475    
Bug Blocks:    

Comment 3 Zane Bitter 2017-12-07 17:09:49 UTC 
Have you tried the workaround documented in bug 1325475?

> Cause: In the course of upgrading the undercloud from OSPd 7 to OSPd 8, the _member_ role is removed from the admin user because Keystone no longer uses that idiom. Trusts stored in the Heat database rely on the trustor user retaining all of their delegated roles, which includes the _member_ role.
> 
> Consequence: Heat stack updates after the undercloud upgrade fail with authentication errors.
> 
> Fix: Run the command:
> 
>   openstack role add _member_ --user admin --project admin
> 
> to re-add the _member_ role to the admin user.
> 
> Result: The trusts work as expected to authenticate.