[Bug 1859844] Re: Impossible to rename the Default domain id to the string 'default.'
OpenStack Infra
1859844 at bugs.launchpad.net
Wed Mar 18 16:43:56 UTC 2020
Reviewed: https://review.opendev.org/712040
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=0a02c30fe5f4650235519897b71588ae22fa0971
Submitter: Zuul
Branch: master
commit 0a02c30fe5f4650235519897b71588ae22fa0971
Author: Frode Nordahl <frode.nordahl at canonical.com>
Date: Mon Mar 9 15:06:09 2020 +0100
Replace use of admin_token with Keystone bootstrap
Stop the use of the admin_token and use the bootstrap process
to initialize Keystone instead. Fortunately the implementation
of the bootstrap process is both idempotent when it needs to be
and it can be safely called on an existing deployment.
Subsequently we can migrate by just removing the admin_token
from the configuration and create new credentials for use by
the charm with a call to ``keystone-manage bootstrap``.
Remove configuration templates for versions prior to Mitaka, by
doing this we need to move any configuration initially defined
prior to Miataka forward to the ``templates/mitaka`` folder.
A side effect of this migration is that newly bootstrapped
deployments will get their ``default`` domain created with a
literal ID of ``default``. Prior to this change third party
software making assumptions about that being the case may have
had issues.
Closes-Bug: #1859844
Closes-Bug: #1837113
Related-Bug: #1774733
Closes-Bug: #1648719
Closes-Bug: #1578678
Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/191
Change-Id: I23940720c24527ee34149f035c3bdf9ff54812c9
** Changed in: charm-keystone
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1859844
Title:
Impossible to rename the Default domain id to the string 'default.'
Status in OpenStack keystone charm:
Fix Committed
Status in OpenStack Identity (keystone):
Invalid
Status in keystone package in Ubuntu:
Invalid
Bug description:
Openstack version = Rocky
When changing the 'default_domain_id' variable to the string 'default'
and changing all references for this variable in the keystone database
we get the following error in keystone.log:
(keystone.common.wsgi): 2020-01-15 14:16:37,869 ERROR badly formed hexadecimal UUID string
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/keystone/common/wsgi.py", line 148, in __call__
result = method(req, **params)
File "/usr/lib/python3/dist-packages/keystone/auth/controllers.py", line 102, in authenticate_for_token
app_cred_id=app_cred_id, parent_audit_id=token_audit_id)
File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 116, in wrapped
__ret_val = __f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 251, in issue_token
token_id, issued_at = self.driver.generate_id_and_issued_at(token)
File "/usr/lib/python3/dist-packages/keystone/token/providers/fernet/core.py", line 61, in generate_id_and_issued_at
app_cred_id=token.application_credential_id
File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 159, in create_token
protocol_id, access_token_id, app_cred_id
File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 444, in assemble
b_domain_id = cls.convert_uuid_hex_to_bytes(domain_id)
File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 290, in convert_uuid_hex_to_bytes
uuid_obj = uuid.UUID(uuid_string)
File "/usr/lib/python3.6/uuid.py", line 140, in __init__
raise ValueError('badly formed hexadecimal UUID string')
ValueError: badly formed hexadecimal UUID string
(keystone.common.wsgi): 2020-01-15 14:16:38,908 WARNING You are not authorized to perform the requested action: identity:get_domain.
(keystone.common.wsgi): 2020-01-15 14:16:39,058 WARNING You are not authorized to perform the requested action: identity:get_domain.
(keystone.common.wsgi): 2020-01-15 14:16:50,838 WARNING You are not authorized to perform the requested action: identity:list_projects.
(keystone.common.wsgi): 2020-01-15 14:16:54,086 WARNING You are not authorized to perform the requested action: identity:list_projects.
This change is needed to integrate keystone to ICO (IBM Cloud Orchestrator)
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone/+bug/1859844/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list