Platform9 Edge Cloud
Latest
Frequently Asked Questions
How To
Solution
Internal Only
Templates
Powered By
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Multiple Local Keystone User Authorisation Failed with "AssertionError: User is disabled" Error
Copy Markdown
Open in ChatGPT
Open in Claude
Problem
- Local users failing to authorise and below mentioned error was observed in the
keystonelogs during the time of issue.
Bash
2022-06-14 14:37:29,304.304 2083 WARNING keystone.auth.plugins.core [req-a0fcf859-5081-4c7d-b08c-cccaea530f2e - - - - -] User is disabled: 8217XXXXXXXXXXXXXXXXXXd4d2: AssertionError: User is disabled: 8217XXXXXXXXXXXXXXXXXXd4d2Environment
- Platform9 Edge Cloud - v5.1 and Above
Cause
- This issue has been observed after the Reboot or Migration activity of the Management Plane Host.
- The exact cause of the issue is still unknown but it is suspected due to the mysql database corruption.
- The similar issue can also be observed for
qbert,resmgrandappbertlocal users which can result in authorisation failures for the respective components
Resolution
- Check the value for
last_active_atparameter in MySQL DB for the affected users and confirm that the date entry mentioned in there is very old.
mysql
x
# mysql keystone -e "select * from user;\G" | grep 1970 1633e4090cc841708654052ca307fddb {"is_local": true, "email": null, "default_project": "328168c0ebdd4efbb6fdd4d873f35634"} 1 NULL 2021-07-26 08:30:37 1970-01-03 default8afbec2f4d5043f68633bb68f465ffff {"email": null, "description": null} 1 acee693e09c649de98324e053d63b648 2021-07-26 08:31:10 1970-01-03 defaulta1af8eb6882c44f198dea1375345f1ef {"email": null, "description": null} 1 acee693e09c649de98324e053d63b648 2021-07-26 08:31:09 1970-01-03 defaulte3285eb41d0b4fed99649afa8568ba5e {"email": null, "description": null} 1 acee693e09c649de98324e053d63b648 2021-07-26 08:33:44 1970-01-03 defaultCheck if the affected users are enabled or disabled using the command mentioned below.
Bash
xxxxxxxxxx# openstack user show admin@airctl.localnet --insecure -c enabled -vSTART with options: [u'user', u'show', u'admin@airctl.localnet', u'--insecure', u'-c', u'enabled', u'-v']command: user show -> openstackclient.identity.v3.user.ShowUser (auth=True)Using auth plugin: password+---------+-------+| Field | Value |+---------+-------+| enabled | False |+---------+-------+Check if the disable_user_account_days_inactive parameter is enabled in the keystone.conf file.
Bash
xxxxxxxxxx# less /etc/keystone/keystone.conf | grep -i "disable_user_account_days_inactive"#disable_user_account_days_inactive = <None>disable_user_account_days_inactive = 3650Comment the disable_user_account_days_inactive parameter in the /etc/keystone/keystone.conf file and restart the keystone service.
command
xxxxxxxxxx# vi /etc/keystone/keystone.conf----#disable_user_account_days_inactive=3650---- # systemctlrestarthttpdIf the qbert , resmgr and appbert users are also affected due to this issue then restart the pf9-resmgr , pf9-qbert and pf9-appbert services on the management plane.
Bash
xxxxxxxxxx# systemctl restart pf9-resmgr pf9-qbert pf9-appbertThis should help to resolve the authorisation issue with the respective user and service.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message