Can't create user, keystone conflict occurred attempting to store role

asked 2015-03-05 00:45:59 -0500

Sliter gravatar image

Actually, I got this problem solved but I am not able to figure out the reason. Could anybody shed some light on this?

Step to reproduce:

'#sliter@controller~: keystone tenant-create --name timo

'#sliter@controller~: keystone user-create --name timo --tenant -timo --pass password --email Conflict occurred attempting to store role

Step to resolve:

'#sliter@controller~: keystone role-delete __member_'_

After deleting the member role, user-create works fine


  1. You don't need to recreate the member role since user-create will automatically create the member role if it doesn't exist
  2. Delete and recreate any users which has been associated with the member role. Otherwise, you'll get errors. For example, you'll get "ERROR (CommandError): Invalid OpenStack Nova Credentials" when you run 'nova list' under such a user.

Some bakcgrounds may be helpful:

  1. Last time that I created tenants and users was several month ago, the beginning of December.
  2. One week ago, I found that a new compute node created had different nova version with the nova components on the controller node as well as those on the previous compute nodes (New:1:2014.2.1-0ub, Old:1:2014.2-0ub). This inconsistency prevents me from creating instances on the new compute node. I used update&dist-upgrade on all nodes and solved this problem.

My guess:

Is it because of the different version of keystone? Since the previous member role was created under the version of 1:2014.2-0ub and the keystone version 1:2014.2.1-0ub don't recognize such a member role

edit retag flag offensive close merge delete