Bug 1523192 - rhel-osp-director: stack update fails, times out due to os-collect-config auth failure
Summary: rhel-osp-director: stack update fails, times out due to os-collect-config aut...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: async
: ---
Assignee: Angus Thomas
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On: 1325475
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-07 11:40 UTC by Irina Petrova
Modified: 2021-03-11 16:36 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1325475
Environment:
Last Closed: 2017-12-07 17:28:25 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 307352 0 None None None 2017-12-07 11:40:37 UTC

Comment 3 Zane Bitter 2017-12-07 17:09:49 UTC 
Have you tried the workaround documented in bug 1325475?

> Cause: In the course of upgrading the undercloud from OSPd 7 to OSPd 8, the _member_ role is removed from the admin user because Keystone no longer uses that idiom. Trusts stored in the Heat database rely on the trustor user retaining all of their delegated roles, which includes the _member_ role.
> 
> Consequence: Heat stack updates after the undercloud upgrade fail with authentication errors.
> 
> Fix: Run the command:
> 
>   openstack role add _member_ --user admin --project admin
> 
> to re-add the _member_ role to the admin user.
> 
> Result: The trusts work as expected to authenticate.
Note You need to log in before you can comment on or make changes to this bug.