[Openstack] _member_ role after keystone installation

Ricardo Carrillo Cruz ricardo.carrillo.cruz at gmail.com
Mon Jun 2 15:30:21 UTC 2014 

Hi Ageeleshwar

That's strange, I had to manually create the _member_ role, it wasn't
listed with 'keystone role-list'.
Also, your MySQL query shows there was no pre-populated _member_ role, just
the _member_ role I created manually:

"ricky at openstack:~$ mysql keystone -e 'select * from role;' -p
Enter password:
+----------------------------------+----------+-------+
| id                               | name     | extra |
+----------------------------------+----------+-------+
| 3b1826a9f1234fe58e45cd27aba27c1a | admin    | {}    |
| 8e76da0ec94844cda24bb3c77da4d23e | _member_ | {}    |
+----------------------------------+----------+-------+
"

Regards


2014-06-02 16:06 GMT+02:00 Ageeleshwar Kandavelu <
Ageeleshwar.Kandavelu at csscorp.com>:

>  I recently installed icehouse and never created that role but it exists.
>
> Please see if its present in the db.
> root at sun:~# mysql keystone -e 'select * from role;'
>
> +----------------------------------+----------+---------------------------------------------------------------------------+
> | id                               | name     |
> extra                                                                     |
>
> +----------------------------------+----------+---------------------------------------------------------------------------+
> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | {"enabled": "True",
> "description": "Default role for project membership"} |
>
> +----------------------------------+----------+---------------------------------------------------------------------------+
>
> This is populated when you run keystone-manage db_sync
>
> Thank you,
> Ageeleshwar K
>
>  ------------------------------
> *From:* Ricardo Carrillo Cruz [ricardo.carrillo.cruz at gmail.com]
> *Sent:* Monday, June 02, 2014 2:27 PM
> *To:* Ageeleshwar Kandavelu
> *Cc:* openstack at lists.openstack.org
> *Subject:* Re: [Openstack] _member_ role after keystone installation
>
>   Hi Ageeleshwar
>
>  Yep, I linked together user 'admin' on tenant 'admin' with role 'admin' :
>
>  ricky at openstack:~$ keystone user-role-list --user admin --tenant admin
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
> |                id                |  name |             user_id
>    |            tenant_id             |
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | 3b1826a9f1234fe58e45cd27aba27c1a | admin |
> 2fb0242b87f740d6a3bb1c71d9bf58bc | 1fd8105537394a57873f234ee27596fc |
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
>
>  Regards
>
>
> 2014-06-02 9:18 GMT+02:00 Ageeleshwar Kandavelu <
> Ageeleshwar.Kandavelu at csscorp.com>:
>
>>  have you already added admin user to admin role. I think _member_ will
>> already be there but you will not be able to view it until you use a user
>> with admin role.
>>
>> Hope it makes sense
>>
>> Ageeleshwar K
>>  ------------------------------
>> *From:* Ricardo Carrillo Cruz [ricardo.carrillo.cruz at gmail.com]
>> *Sent:* Sunday, June 01, 2014 5:59 PM
>> *To:* openstack at lists.openstack.org
>> *Subject:* [Openstack] _member_ role after keystone installation
>>
>>    Hi guys
>>
>>  I'm currently installing Openstack in Ubuntu 14.04 by following the
>> official guide, instead of just use devstack, for fun.
>>
>>  I succesfully installed keystone and I'm now at the user/tenant/roles
>> creation step.
>> This is an excerpt from the guide:
>>
>>  "
>>  *By default, the Identity Service creates a special _member_ role. The
>> OpenStack dashboard*
>> *automatically grants access to users with this role. You will give the
>> admin user access to*
>> *this role in addition to the admin role.*
>>  "
>>
>>  However, I can't see that role after installing keystone:
>>
>>  <snip>
>>  ricky at openstack:~$ keystone role-list
>> +----------------------------------+-------+
>> |                id                |  name |
>> +----------------------------------+-------+
>> | 3b1826a9f1234fe58e45cd27aba27c1a | admin |
>> +----------------------------------+-------+
>>  </snip>
>>
>>  Do I need to create that _member_ role myself? If so, is this a doc bug?
>>
>>  Regards
>>    http://www.csscorp.com/common/email-disclaimer.php
>>
>
>   http://www.csscorp.com/common/email-disclaimer.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140602/645cd083/attachment.html>

More information about the Openstack mailing list