keystone manage cannot handle several roles with name 'admin' in specific domains in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

openstack overcloud deploy fails with:

(...)
    TASK [Run docker-puppet tasks (generate config) during step 3] *****************
    skipping: [localhost]

    TASK [Debug output for task: Run docker-puppet tasks (generate config) during step 3] ***
    skipping: [localhost]

    TASK [Start containers for step 3] *********************************************
    ok: [localhost]

    TASK [Debug output for task: Start containers for step 3] **********************
    fatal: [localhost]: FAILED! => {
        "failed_when_result": true,
        "outputs.stdout_lines|default([])|union(outputs.stderr_lines|default([]))": [
            "Error running ['docker', 'exec', '--user=root', u'keystone', '/usr/bin/bootstrap_host_exec', 'keystone', 'keystone-manage', 'bootstrap', '--bootstrap-password', '<password>']. [1]",
            "",
            "stdout: ",
            "stderr: "
        ]
    }
(...)

The keystone logs show:

[root@overcloud-controller-0 ~]# grep ERROR /var/log/containers/keystone/ -R
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone Traceback (most recent call last):
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/bin/keystone-manage", line 10, in <module>
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     sys.exit(main())
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/cmd/manage.py", line 44, in main
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     cli.main(argv=sys.argv, config_files=config_files)
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/cmd/cli.py", line 1349, in main
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     CONF.command.cmd_class.main()
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/cmd/cli.py", line 398, in main
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     klass.do_bootstrap()
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/cmd/cli.py", line 309, in do_bootstrap
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     user['id'], self.role_id
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 116, in wrapped
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     __ret_val = __f(*args, **kwargs)
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone   File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 1183, in create_system_grant_for_user
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone     'role_id': role_id
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone ValidationError: Role 5949f2abb70a4dc69a3207e5d1b033a2 is a domain-specific role. Unable to use a domain-specific role in a system assignment.
/var/log/containers/keystone/keystone.log:2019-12-18 14:35:15.300 104309 ERROR keystone 
[root@overcloud-controller-0 ~]#

Environment

Red Hat OpenStack Platform 13

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content