[Bug 1859844] Re: Impossible to rename the Default domain id to the string 'default.'

OpenStack Infra 1859844 at bugs.launchpad.net
Wed Mar 18 16:43:56 UTC 2020 

Reviewed:  https://review.opendev.org/712040
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=0a02c30fe5f4650235519897b71588ae22fa0971
Submitter: Zuul
Branch:    master

commit 0a02c30fe5f4650235519897b71588ae22fa0971
Author: Frode Nordahl <frode.nordahl at canonical.com>
Date:   Mon Mar 9 15:06:09 2020 +0100

    Replace use of admin_token with Keystone bootstrap
    
    Stop the use of the admin_token and use the bootstrap process
    to initialize Keystone instead.  Fortunately the implementation
    of the bootstrap process is both idempotent when it needs to be
    and it can be safely called on an existing deployment.
    
    Subsequently we can migrate by just removing the admin_token
    from the configuration and create new credentials for use by
    the charm with a call to ``keystone-manage bootstrap``.
    
    Remove configuration templates for versions prior to Mitaka, by
    doing this we need to move any configuration initially defined
    prior to Miataka forward to the ``templates/mitaka`` folder.
    
    A side effect of this migration is that newly bootstrapped
    deployments will get their ``default`` domain created with a
    literal ID of ``default``.  Prior to this change third party
    software making assumptions about that being the case may have
    had issues.
    
    Closes-Bug: #1859844
    Closes-Bug: #1837113
    Related-Bug: #1774733
    Closes-Bug: #1648719
    Closes-Bug: #1578678
    Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/191
    Change-Id: I23940720c24527ee34149f035c3bdf9ff54812c9


** Changed in: charm-keystone
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1859844

Title:
  Impossible to rename the Default domain id to the string 'default.'

Status in OpenStack keystone charm:
  Fix Committed
Status in OpenStack Identity (keystone):
  Invalid
Status in keystone package in Ubuntu:
  Invalid

Bug description:
  Openstack version = Rocky

  When changing the 'default_domain_id' variable to the string 'default'
  and changing all references for this variable in the keystone database
  we get the following error in keystone.log:

  
  (keystone.common.wsgi): 2020-01-15 14:16:37,869 ERROR badly formed hexadecimal UUID string
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/keystone/common/wsgi.py", line 148, in __call__
      result = method(req, **params)
    File "/usr/lib/python3/dist-packages/keystone/auth/controllers.py", line 102, in authenticate_for_token
      app_cred_id=app_cred_id, parent_audit_id=token_audit_id)
    File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 116, in wrapped
      __ret_val = __f(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 251, in issue_token
      token_id, issued_at = self.driver.generate_id_and_issued_at(token)
    File "/usr/lib/python3/dist-packages/keystone/token/providers/fernet/core.py", line 61, in generate_id_and_issued_at
      app_cred_id=token.application_credential_id
    File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 159, in create_token
      protocol_id, access_token_id, app_cred_id
    File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 444, in assemble
      b_domain_id = cls.convert_uuid_hex_to_bytes(domain_id)
    File "/usr/lib/python3/dist-packages/keystone/token/token_formatters.py", line 290, in convert_uuid_hex_to_bytes
      uuid_obj = uuid.UUID(uuid_string)
    File "/usr/lib/python3.6/uuid.py", line 140, in __init__
      raise ValueError('badly formed hexadecimal UUID string')
  ValueError: badly formed hexadecimal UUID string
  (keystone.common.wsgi): 2020-01-15 14:16:38,908 WARNING You are not authorized to perform the requested action: identity:get_domain.
  (keystone.common.wsgi): 2020-01-15 14:16:39,058 WARNING You are not authorized to perform the requested action: identity:get_domain.
  (keystone.common.wsgi): 2020-01-15 14:16:50,838 WARNING You are not authorized to perform the requested action: identity:list_projects.
  (keystone.common.wsgi): 2020-01-15 14:16:54,086 WARNING You are not authorized to perform the requested action: identity:list_projects.

  
  This change is needed to integrate keystone to ICO (IBM Cloud Orchestrator)

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-keystone/+bug/1859844/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list