Upgrading from folsom to grizzly results in all tenants/users being disabled

Reviewed: https://review.openstack.org/26627
Committed: http://github.com/openstack/keystone/commit/61629c30ae4bc5326bcf6cc6ffeb516473130097
Submitter: Jenkins
Branch: master

commit 61629c30ae4bc5326bcf6cc6ffeb516473130097
Author: Dolph Mathews <email address hidden>
Date: Wed Apr 10 10:04:16 2013 -0500

    Use is_enabled() in folsom->grizzly upgrade (bug 1167421)

    Change-Id: Iddc10167c94deacec07cab7ec9316849263fb462

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/26857

Status changed to 'Confirmed' because the bug affects multiple users.

Reviewed: https://review.openstack.org/26857
Committed: http://github.com/openstack/keystone/commit/717f1aa7f6cb5f01fe16a516644c96419c6900c5
Submitter: Jenkins
Branch: stable/grizzly

commit 717f1aa7f6cb5f01fe16a516644c96419c6900c5
Author: Dolph Mathews <email address hidden>
Date: Wed Apr 10 10:04:16 2013 -0500

    Use is_enabled() in folsom->grizzly upgrade (bug 1167421)

    Change-Id: Iddc10167c94deacec07cab7ec9316849263fb462

Hello Matt, or anyone else affected,

Accepted keystone into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/keystone/1:2013.1.1-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

davewalker - can we get this packaged for precise as well?

Joseph- The 2013.1.1 update has also been backported to precise via the Ubuntu Cloud Archive. It is currently sitting in the precise-grizzly/proposed pocket and will be released into the main, precise-grizzly/updates pocket when the corresponding 2013.1.1 update for Raring passes verification. Watch here or subscribe to Bug #1179626 to track progress.

Packages keystone_2013.1.1-0ubuntu1_all.deb and python-keystone_2013.1.1-0ubuntu1_all.deb worked for me when upgrading from folsom to grizzly.

On a side note, this issue reported should have only been an issue when you have data like this in the "extra" column in the keystone.user table:

{"password": null, "enabled": "true", "email": null, "tenantId": "2f216605a48148f89d4390fc63e64819"}

If your data was like this, it would have migrated correctly:

{"password": null, "enabled": true, "email": null, "tenantId": "2f216605a48148f89d4390fc63e64819"}

This tripped me up as I tried doing some vanilla upgrades from folsom to grizzly using precise-proposed/folsom and precise-proposed/grizzly (which still has 1:2013.1-0ubuntu1.1~cloud0) and was unable to replicate the issue with some newly created dummy users/tenants.

Thanks!

-Matt

This bug was fixed in the package keystone - 1:2013.1.1-0ubuntu2

---------------
keystone (1:2013.1.1-0ubuntu2) raring-proposed; urgency=low

  * Rebase against latest security updates.
  * Dropped patches:
    - debian/patches/CVE-2013-2059.patch: [678b06a]

keystone (1:2013.1.1-0ubuntu1) raring-proposed; urgency=low

  * Resynchronize with stable/grizzly (678b06a9) (LP: #1179626):
    - [678b06a] Deleted user can still create instances LP: 1166670
    - [b874c8f] keystone ipv6 tests fail LP: 1176204
    - [3aa0f45] Set defaultbranch in .gitreview to stable/grizzly
    - [c5037dd] admin_token and LDAP password show up in log in DEBUG mode
      LP: 1172195
    - [76efb5c] residual grants after delete action LP: 1125637
    - [2b5b24e] PKI support breaks memcache token backend LP: 1119641
    - [9446a99] non-default auth plugins can't be configured LP: 1157515
    - [717f1aa] Upgrading from folsom to grizzly results in all tenants/users
      being disabled (LP: #1167421)
 -- James Page <email address hidden> Fri, 17 May 2013 10:42:16 +0100

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.