group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1611987] Re: [SRU] glance-simplestreams-sync charm doesn't support keystone v3

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: David Ames <david.ames@xxxxxxxxxxxxx>
Date: Mon, 11 Jun 2018 22:12:01 -0000
Reply-to: Bug 1611987 <1611987@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: charm-glance-simplestreams-sync
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1611987

Title:
  [SRU] glance-simplestreams-sync charm doesn't support keystone v3

Status in OpenStack glance-simplestreams-sync charm:
  Fix Released
Status in Glance - Simplestreams Sync Charm:
  Invalid
Status in simplestreams:
  Confirmed
Status in simplestreams package in Ubuntu:
  Fix Released
Status in simplestreams source package in Xenial:
  Confirmed
Status in simplestreams source package in Artful:
  Confirmed
Status in simplestreams source package in Bionic:
  Fix Released
Status in glance-simplestreams-sync package in Juju Charms Collection:
  Invalid

Bug description:
  [Impact]

  simplestreams can't sync images when keystone is configured to use v3,
  keystone v2 is deprecated since mitaka[0] (the version shipped with
  xenial)

  The OpenStack Keystone charm supports v3 only since Queens and
  later[1]

  [Test Case]

  * deploy a openstack environment with keystone v3 enabled
    - get a copy of the bundle available at http://paste.ubuntu.com/p/hkhsHKqt4h/ , this bundle deploys a minimal version of xenial-mitaka.

  Expected result:

  - "glance image-list" lists trusty and xenial images
  - the file glance-simplestreams-sync/0:/var/log/glance-simplestreams-sync.log contains details of the images pulled from cloud-images.u.c (example: https://pastebin.ubuntu.com/p/RWG8QrkVDz/ )

  Actual result:

  - "glance image-list" is empty
  - the file glance-simplestreams-sync/0:/var/log/glance-simplestreams-sync.log contains the following stacktrace
  INFO * 04-09 22:04:06 [PID:14571] * root * Calling DryRun mirror to get item list
  ERROR * 04-09 22:04:06 [PID:14571] * root * Exception during syncing:
  Traceback (most recent call last):
    File "/usr/share/glance-simplestreams-sync/glance-simplestreams-sync.py", line 471, in main
      do_sync(charm_conf, status_exchange)
    File "/usr/share/glance-simplestreams-sync/glance-simplestreams-sync.py", line 232, in do_sync
      objectstore=store)
    File "/usr/lib/python2.7/dist-packages/simplestreams/mirrors/glance.py", line 374, in __init__
      super(ItemInfoDryRunMirror, self).__init__(config, objectstore)
    File "/usr/lib/python2.7/dist-packages/simplestreams/mirrors/glance.py", line 126, in __init__
      self.keystone_creds = openstack.load_keystone_creds()
    File "/usr/lib/python2.7/dist-packages/simplestreams/openstack.py", line 61, in load_keystone_creds
      raise ValueError("(tenant_id or tenant_name)")
  ValueError: (tenant_id or tenant_name)

  [Regression Potential]

  * A possible regression will manifest itself figuring out if v2 or v3
  should be used, after the connection is made there are no further
  changes introduced by this SRU

  [Other Info]

  I was deploying a Mitaka Trusty 16.04 charm based Openstack cloud
  (using the cloud archives), including glance-simplestreams-sync, using
  keystone v3.

  Once I had everything deployed, the glance-simplestreams-sync service
  couldn't authenticate because it's using keystone v2, not v3, as you
  can see from the following:

  INFO      * 08-10 23:16:01 [PID:33554] * root * glance-simplestreams-sync started.
  DEBUG     * 08-10 23:16:01 [PID:33554] * keystoneclient.session * REQ: curl -i -X POST http://x.y.z.240:5000/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"passwordCredentials": {"username": "image-stream", "password": "thisisnotapassword"}, "tenantId": "blahblahtenantidblahblah"}}'
  INFO      * 08-10 23:16:01 [PID:33554] * urllib3.connectionpool * Starting new HTTP connection (1): x.y.z.240
  DEBUG     * 08-10 23:16:01 [PID:33554] * urllib3.connectionpool * Setting read timeout to None
  DEBUG     * 08-10 23:16:01 [PID:33554] * urllib3.connectionpool * "POST /v2.0/tokens HTTP/1.1" 401 114
  DEBUG     * 08-10 23:16:01 [PID:33554] * keystoneclient.session * RESP: [401] CaseInsensitiveDict({'content-length': '114', 'vary': 'X-Auth-Token', 'server': 'Apache/2.4.7 (Ubuntu)', 'date': 'Wed, 10 Aug 2016 23:16:01 GMT', 'www-authenticate': 'Keystone uri="http://x.y.z.240:5000";', 'x-openstack-request-id': 'req-f8aaf12d-01ea-46be-869a-6948ab38361b', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
  RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

  DEBUG     * 08-10 23:16:01 [PID:33554] * keystoneclient.session * Request returned failure status: 401
  DEBUG     * 08-10 23:16:01 [PID:33554] * keystoneclient.v2_0.client * Authorization Failed.

  Please update the charm to understand when its using keystone v3 and
  use the right auth methods.

  Related bugs:
   * bug 1686437: glance sync: need keystone v3 auth support

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-glance-simplestreams-sync/+bug/1611987/+subscriptions