Merge pull request #894 from stackhpc/steps-on-checking-keystone-changes

2023.1 upgrade: explain steps to check trust for _member_ role
stackhpc · Jan 25, 2024 · 5fb85d9 · 5fb85d9
2 parents c122b82 + 064e23c
commit 5fb85d9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/doc/source/operations/octavia.rst b/doc/source/operations/octavia.rst
@@ -61,7 +61,7 @@ Access the database from a controller:
 
   docker exec -it mariadb bash
   mysql -u root -p  octavia
-  # Enter the database password when promted.
+  # Enter the database password when prompted.
 
 List the load balancers to find the ID of the broken one(s):
 

diff --git a/doc/source/operations/upgrading.rst b/doc/source/operations/upgrading.rst
@@ -76,6 +76,17 @@ Some things to watch out for:
 
      [auth]
      tempest_roles = creator,member
+* To check trusts for the _member_ role, you will need to list the role
+  assignments in the database, as only the trustor and trustee users can show
+  trust details from the CLI:
+
+  .. code-block:: console
+
+     openstack trust list
+     docker exec -it mariadb bash
+     mysql -u root -p  keystone
+     # Enter the database password when prompted.
+     SELECT * FROM trust_role WHERE trust_id = '<trust-id>' AND role_id = '<_member_-role-id>';
 
 OVN enabled by default
 ----------------------