member role for keystone incorrectly created as Member instead of member

We're gonna need more info to properly investigate this. Please provide the bundle you're using, and charm revisions if they're not in the bundle.

Can you confirm this is the documentation you're following? https://ubuntu.com/kubernetes/docs/ldap

> there is an error received that says "Could not find default role 'member' in Keystone"

You're seeing this in the openstack dashboard, correct?

Bundle with overlay at the bottom at (sanitized): https://pastebin.ubuntu.com/p/XdHtFSjXgW/

I am using that doc, it is at the Create a project for Kubernetes step that this error occurs.

Screenshot uploaded.

And yes, this is in the openstack-dashboard.

Charm versions

canal waiting 0/2 canal local 0 ubuntu

canonical-livepatch waiting 0/5 canonical-livepatch jujucharms 35 ubuntu

containerd maintenance 2 containerd jujucharms 61 ubuntu

control 18.04 active 3 ubuntu jujucharms 15 ubuntu

etcd waiting 0/3 etcd jujucharms 521 ubuntu

filebeat waiting 1/5 filebeat jujucharms 32 ubuntu

hacluster-dashboard waiting 0 hacluster jujucharms 68 ubuntu

hacluster-keystone waiting 0 hacluster jujucharms 68 ubuntu

hacluster-kubeapi-lb waiting 0 hacluster jujucharms 68 ubuntu

hacluster-mysql waiting 0 hacluster jujucharms 68 ubuntu

hisec-policy-routing waiting 1/2 policy-routing jujucharms 3 ubuntu

keystone waiting 1/3 keystone jujucharms 315 ubuntu

keystone-ldap waiting 0 keystone-ldap jujucharms 29 ubuntu

kubeapi-load-balancer waiting 1/3 kubeapi-load-balancer jujucharms 730 ubuntu exposed

kubernetes-master waiting 1/3 kubernetes-master jujucharms 850 ubuntu

kubernetes-worker 1.18.4 blocked 9/12 kubernetes-worker jujucharms 682 ubuntu exposed

landscape-client waiting 1/5 landscape-client jujucharms 33 ubuntu

losec-policy-routing waiting 0/3 policy-routing jujucharms 3 ubuntu

mysql waiting 0/3 percona-cluster jujucharms 290 ubuntu

nrpe-container waiting 0 nrpe jujucharms 64 ubuntu

nrpe-host waiting 1/5 nrpe jujucharms 64 ubuntu

ntp waiting 1/5 ntp jujucharms 39 ubuntu

openstack-dashboard waiting 1/3 openstack-dashboard jujucharms 304 ubuntu exposed

public-policy-routing waiting 0/2 policy-routing jujucharms 3 ubuntu

sysconfig waiting 0/3 sysconfig jujucharms 1 ubuntu

telegraf waiting 1/5 telegraf jujucharms 36 ubuntu

Thanks for the details. I'm able to reproduce this using a reduced bundle that's just keystone, openstack-dashboard, and percona-cluster - no kubernetes-master at all.

Looks like the keystone charm creates the Member role with capitalization[1], but the openstack-dashboard charm is configured with default-role=member, uncapitalized[2].

You can work around this by configuring the openstack-dashboard charm with `default-role=Member`.

I've transferred this issue over to the charm-keystone and charm-openstack-dashboard projects, since the issue seems to lie between those.

[1]: https://github.com/openstack/charm-keystone/blob/4eb640ab56a48f49f354fd4c4ae929c763e72f61/hooks/keystone_utils.py#L1529
[2]: https://github.com/openstack/charm-openstack-dashboard/blob/ce9017ea98ed526b5b31c53093bf9e61e06cd0a4/config.yaml#L59

This is odd as I believed that the keystone charm now creates the role all in lower case (aligning charm behaviour with the upstream keystone bootstrap behaviour).

I realize i didn't previously add that this was in Queens.

Didn't see the.problem in Stein.

On Thu, Jul 23, 2020, 2:40 AM James Page <email address hidden> wrote:

> This is odd as I believed that the keystone charm now creates the role
> all in lower case (aligning charm behaviour with the upstream keystone
> bootstrap behaviour).
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1885947
>
> Title:
> member role for keystone incorrectly created as Member instead of
> member
>
> Status in OpenStack keystone charm:
> New
> Status in OpenStack openstack-dashboard charm:
> New
>
> Bug description:
> When trying to add a project on a newly deploy kubernetes environment
> with keystone and keystone-ldap incorporated into the bundle and
> keystone related to kubernetes-master, a role of the name Member is
> created.
>
> When attempting to make the 'k8s' project as per the Keystone
> documentation, there is an error received that says "Could not find
> default role 'member' in Keystone"
>
> temporarily renaming the role to Member2, and then changing it to
> member resolves this issue and the project can then be created and the
> roles assigned to the project.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/charm-keystone/+bug/1885947/+subscriptions
>

With this[0] commit, the keystone charm transitioned away from using admin_token to initialize everything and instead now uses keystone bootstrap.

[0] https://opendev.org/openstack/charm-keystone/commit/0a02c30fe5f4650235519897b71588ae22fa0971

A side effect of this change is that we now use the upstream default "member" for the name of the role. This commit was back in March and the specific charm rev that picked this up is keystone-313 which seems to have been released May 21.

I had this same issue.

For those upgrading to newer charms, all i did was

openstack role set --name member <Original ID of Member Role>

I think this should be fixed in the 20.10 charms.
https://bugs.launchpad.net/charm-keystone/+bug/1890437

Could you please verify which versions of the charm you are on?

It is fixed as far as I can tell.