yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #19636
[Bug 1362678] [NEW] multi-domain has problems with LDAP identity on default domain
Public bug reported:
What I try to achieve:
I want to authenticate all users of the default domain against our
company's central LDAP server. This works pretty good.
For Heat I need a user storage that is writable. Our central LDAP server
can not be written from OpenStack. Therefore I configured the heat
domain with SQL identity.
This all works up to the point, when the heat domain admin needs to be
authorized. This authorization request is always processed with the LDAP
identity. I don't know whether the domain is missing here for the
keystone V3 API authorization request or keystone does not route the
request correctly to the SQL identity. To clarify this, I opened this
bug and Steven Hardy encouraged me to do so.
/etc/keystone/keystone.conf:
[identity]
default_domain_id=default
domain_specific_drivers_enabled=true
domain_config_dir=/etc/keystone/domains
driver = keystone.identity.backends.ldap.Identity
[ldap]
url=ldap://ldap2.open-xchange.com:389
suffix=dc=open-xchange,dc=com
etc.
/etc/keystone/domains/keystone.heat.conf:
[identity]
driver = keystone.identity.backends.sql.Identity
[ldap]
/etc/heat/heat.conf:
deferred_auth_method=trusts
trusts_delegated_roles=heat_stack_owner
heat_stack_user_role=heat_stack_user
stack_user_domain=a904d890e0de47dc9f2090c20bb1f45c
stack_domain_admin=heat_domain_admin
stack_domain_admin_password=********
openstack --os-token $OS_TOKEN --os-url=http://contorller:5000/v3 --os-identity-api-version=3 domain list
+----------------------------------+---------+---------+----------------------------------------------------------------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------------------------------------------------------------+
| a904d890e0de47dc9f2090c20bb1f45c | heat | True | Owns users and projects created by heat |
| default | Default | True | Owns users and tenants (i.e. projects) available on Identity API v2. |
+----------------------------------+---------+---------+----------------------------------------------------------------------+
openstack --os-token $OS_TOKEN --os-url=http://controller:5000/v3 --os-identity-api-version=3 user create --password **** --domain a904d890e0de47dc9f2090c20bb1f45c --description "Manages users and projects created by heat" heat_domain_admin
+-------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------------------------------------------+
| description | Manages users and projects created by heat |
| domain_id | a904d890e0de47dc9f2090c20bb1f45c |
| enabled | True |
| id | 38877ca5daed4c9fbbb6c853d3d88e36 |
| links | {u'self': u'http://controller-test:5000/v3/users/38877ca5daed4c9fbbb6c853d3d88e36'} |
| name | heat_domain_admin |
+-------------+-------------------------------------------------------------------------------------+
openstack --os-token $OS_TOKEN --os-url=http://controller:5000/v3 --os-
identity-api-version=3 role add --user 38877ca5daed4c9fbbb6c853d3d88e36
--domain a904d890e0de47dc9f2090c20bb1f45c admin
Everything set up according to:
http://hardysteven.blogspot.de/2014/04/heat-auth-model-updates-part-1-trusts.html
http://hardysteven.blogspot.de/2014/04/heat-auth-model-updates-part-2-stack.html
I tested this using this example stack: https://github.com/openstack
/heat-templates/blob/master/hot/software-config/example-templates
/example-deploy-sequence.yaml
Then I get the following authentication problem in keystone:
2014-08-28 13:20:40.172 4915 INFO eventlet.wsgi.server [-] 10.20.31.200 - - [28/Aug/2014 13:20:40] "POST /v3/auth/tokens HTTP/1.1" 201 12110 0.163805
2014-08-28 13:20:40.326 4915 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:271
2014-08-28 13:20:40.329 4915 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:181
2014-08-28 13:20:40.355 4915 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host': {'agent': 'python-keystoneclient', 'a
ddress': '10.20.31.200'}, 'id': 'openstack:d7c2f1ec-aae3-4fe5-8721-a82ca842eca3', 'name': u'38877ca5daed4c9fbbb6c853d3d88e36'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:54c887e0-9820-46d8-9af5-1159960abf5c'}
, 'observer': {'typeURI': 'service/security', 'id': 'openstack:2186c327-ce39-415a-8dd0-6d99841365bb'}, 'eventType': 'activity', 'eventTime': '2014-08-28T11:20:40.355197+0000', 'action': 'authenticate', 'outcome': 'pending', 'id': 'opensta
ck:c8133c07-751e-4b52-9a23-33cd111c456e'} _send_audit_notification /usr/lib/python2.7/dist-packages/keystone/notifications.py:289
2014-08-28 13:20:40.378 4915 INFO passlib.registry [-] registered crypt handler 'sha512_crypt': <class 'passlib.handlers.sha2_crypt.sha512_crypt'>
2014-08-28 13:20:40.465 4915 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host': {'agent': 'python-keystoneclient', 'a
ddress': '10.20.31.200'}, 'id': 'openstack:d7c2f1ec-aae3-4fe5-8721-a82ca842eca3', 'name': u'38877ca5daed4c9fbbb6c853d3d88e36'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:9c9ea536-26fc-438e-9a86-a07d541102e8'}
, 'observer': {'typeURI': 'service/security', 'id': 'openstack:06751111-ab05-4f79-a6ab-82185c519468'}, 'eventType': 'activity', 'eventTime': '2014-08-28T11:20:40.465304+0000', 'action': 'authenticate', 'outcome': 'success', 'id': 'opensta
ck:65b076a4-8220-4a99-864b-df390c56e28c'} _send_audit_notification /usr/lib/python2.7/dist-packages/keystone/notifications.py:289
2014-08-28 13:20:40.482 4915 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://ldap2.open-xchange.com:389 __init__ /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:603
2014-08-28 13:20:40.486 4915 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1
__init__ /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:613
2014-08-28 13:20:40.487 4915 DEBUG keystone.common.ldap.core [-] LDAP search: dn=ou=Users,ou=OxObjects,dc=open-xchange,dc=com, scope=1, query=(&(uid=38877ca5daed4c9fbbb6c853d3d88e36)(objectClass=posixAccount)), attrs=['mail', 'userPasswor
d', 'uid', 'mailEnabled'] search_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:704
2014-08-28 13:20:40.491 4915 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:677
2014-08-28 13:20:40.492 4915 WARNING keystone.common.wsgi [-] Could not find user, 38877ca5daed4c9fbbb6c853d3d88e36.
This results in the following error in Heat engine:
2014-08-28 13:20:38.539 407 INFO heat.engine.resource [-] creating Server "server_a" Stack "sequence" [c4ab8875-34a5-45b2-a2dc-0dfce18ef0d8]
2014-08-28 13:20:38.709 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.081 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.601 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.979 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.293 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.495 407 ERROR heat.engine.resource [-] CREATE : Server "server_a" Stack "sequence" [c4ab8875-34a5-45b2-a2dc-0dfce18ef0d8]
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource Traceback (most recent call last):
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 417, in _do_action
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource handle())
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line 480, in handle_create
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self._create_transport_credentials()
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line 397, in _create_transport_credentials
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self._create_user()
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/stack_user.py", line 44, in _create_user
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self.stack.id)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 390, in create_stack_domain_project
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource domain_project = self.domain_admin_client.projects.create(
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 133, in domain_admin_client
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource if c.authenticate(domain_id=self.stack_domain_id):
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource return func(*args, **kwargs)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 392, in authenticate
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource resp = self.get_raw_token_from_identity_service(**kwargs)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 178, in get_raw_token_from_identity_service
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource '%s' % e)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource AuthorizationFailure: Authorization failed: Could not find user, 38877ca5daed4c9fbbb6c853d3d88e36. (HTTP 404)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource
2014-08-28 13:20:40.605 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.990 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:41.570 407 WARNING heat.engine.service [-] Stack create failed, status FAILED
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1362678
Title:
multi-domain has problems with LDAP identity on default domain
Status in OpenStack Identity (Keystone):
New
Bug description:
What I try to achieve:
I want to authenticate all users of the default domain against our
company's central LDAP server. This works pretty good.
For Heat I need a user storage that is writable. Our central LDAP
server can not be written from OpenStack. Therefore I configured the
heat domain with SQL identity.
This all works up to the point, when the heat domain admin needs to be
authorized. This authorization request is always processed with the
LDAP identity. I don't know whether the domain is missing here for the
keystone V3 API authorization request or keystone does not route the
request correctly to the SQL identity. To clarify this, I opened this
bug and Steven Hardy encouraged me to do so.
/etc/keystone/keystone.conf:
[identity]
default_domain_id=default
domain_specific_drivers_enabled=true
domain_config_dir=/etc/keystone/domains
driver = keystone.identity.backends.ldap.Identity
[ldap]
url=ldap://ldap2.open-xchange.com:389
suffix=dc=open-xchange,dc=com
etc.
/etc/keystone/domains/keystone.heat.conf:
[identity]
driver = keystone.identity.backends.sql.Identity
[ldap]
/etc/heat/heat.conf:
deferred_auth_method=trusts
trusts_delegated_roles=heat_stack_owner
heat_stack_user_role=heat_stack_user
stack_user_domain=a904d890e0de47dc9f2090c20bb1f45c
stack_domain_admin=heat_domain_admin
stack_domain_admin_password=********
openstack --os-token $OS_TOKEN --os-url=http://contorller:5000/v3 --os-identity-api-version=3 domain list
+----------------------------------+---------+---------+----------------------------------------------------------------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------------------------------------------------------------+
| a904d890e0de47dc9f2090c20bb1f45c | heat | True | Owns users and projects created by heat |
| default | Default | True | Owns users and tenants (i.e. projects) available on Identity API v2. |
+----------------------------------+---------+---------+----------------------------------------------------------------------+
openstack --os-token $OS_TOKEN --os-url=http://controller:5000/v3 --os-identity-api-version=3 user create --password **** --domain a904d890e0de47dc9f2090c20bb1f45c --description "Manages users and projects created by heat" heat_domain_admin
+-------------+-------------------------------------------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------------------------------------------+
| description | Manages users and projects created by heat |
| domain_id | a904d890e0de47dc9f2090c20bb1f45c |
| enabled | True |
| id | 38877ca5daed4c9fbbb6c853d3d88e36 |
| links | {u'self': u'http://controller-test:5000/v3/users/38877ca5daed4c9fbbb6c853d3d88e36'} |
| name | heat_domain_admin |
+-------------+-------------------------------------------------------------------------------------+
openstack --os-token $OS_TOKEN --os-url=http://controller:5000/v3
--os-identity-api-version=3 role add --user
38877ca5daed4c9fbbb6c853d3d88e36 --domain
a904d890e0de47dc9f2090c20bb1f45c admin
Everything set up according to:
http://hardysteven.blogspot.de/2014/04/heat-auth-model-updates-part-1-trusts.html
http://hardysteven.blogspot.de/2014/04/heat-auth-model-updates-part-2-stack.html
I tested this using this example stack: https://github.com/openstack
/heat-templates/blob/master/hot/software-config/example-templates
/example-deploy-sequence.yaml
Then I get the following authentication problem in keystone:
2014-08-28 13:20:40.172 4915 INFO eventlet.wsgi.server [-] 10.20.31.200 - - [28/Aug/2014 13:20:40] "POST /v3/auth/tokens HTTP/1.1" 201 12110 0.163805
2014-08-28 13:20:40.326 4915 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:271
2014-08-28 13:20:40.329 4915 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:181
2014-08-28 13:20:40.355 4915 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host': {'agent': 'python-keystoneclient', 'a
ddress': '10.20.31.200'}, 'id': 'openstack:d7c2f1ec-aae3-4fe5-8721-a82ca842eca3', 'name': u'38877ca5daed4c9fbbb6c853d3d88e36'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:54c887e0-9820-46d8-9af5-1159960abf5c'}
, 'observer': {'typeURI': 'service/security', 'id': 'openstack:2186c327-ce39-415a-8dd0-6d99841365bb'}, 'eventType': 'activity', 'eventTime': '2014-08-28T11:20:40.355197+0000', 'action': 'authenticate', 'outcome': 'pending', 'id': 'opensta
ck:c8133c07-751e-4b52-9a23-33cd111c456e'} _send_audit_notification /usr/lib/python2.7/dist-packages/keystone/notifications.py:289
2014-08-28 13:20:40.378 4915 INFO passlib.registry [-] registered crypt handler 'sha512_crypt': <class 'passlib.handlers.sha2_crypt.sha512_crypt'>
2014-08-28 13:20:40.465 4915 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host': {'agent': 'python-keystoneclient', 'a
ddress': '10.20.31.200'}, 'id': 'openstack:d7c2f1ec-aae3-4fe5-8721-a82ca842eca3', 'name': u'38877ca5daed4c9fbbb6c853d3d88e36'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:9c9ea536-26fc-438e-9a86-a07d541102e8'}
, 'observer': {'typeURI': 'service/security', 'id': 'openstack:06751111-ab05-4f79-a6ab-82185c519468'}, 'eventType': 'activity', 'eventTime': '2014-08-28T11:20:40.465304+0000', 'action': 'authenticate', 'outcome': 'success', 'id': 'opensta
ck:65b076a4-8220-4a99-864b-df390c56e28c'} _send_audit_notification /usr/lib/python2.7/dist-packages/keystone/notifications.py:289
2014-08-28 13:20:40.482 4915 DEBUG keystone.common.ldap.core [-] LDAP init: url=ldap://ldap2.open-xchange.com:389 __init__ /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:603
2014-08-28 13:20:40.486 4915 DEBUG keystone.common.ldap.core [-] LDAP init: use_tls=False
tls_cacertfile=None
tls_cacertdir=None
tls_req_cert=2
tls_avail=1
__init__ /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:613
2014-08-28 13:20:40.487 4915 DEBUG keystone.common.ldap.core [-] LDAP search: dn=ou=Users,ou=OxObjects,dc=open-xchange,dc=com, scope=1, query=(&(uid=38877ca5daed4c9fbbb6c853d3d88e36)(objectClass=posixAccount)), attrs=['mail', 'userPasswor
d', 'uid', 'mailEnabled'] search_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:704
2014-08-28 13:20:40.491 4915 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:677
2014-08-28 13:20:40.492 4915 WARNING keystone.common.wsgi [-] Could not find user, 38877ca5daed4c9fbbb6c853d3d88e36.
This results in the following error in Heat engine:
2014-08-28 13:20:38.539 407 INFO heat.engine.resource [-] creating Server "server_a" Stack "sequence" [c4ab8875-34a5-45b2-a2dc-0dfce18ef0d8]
2014-08-28 13:20:38.709 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.081 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.601 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:39.979 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.293 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.495 407 ERROR heat.engine.resource [-] CREATE : Server "server_a" Stack "sequence" [c4ab8875-34a5-45b2-a2dc-0dfce18ef0d8]
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource Traceback (most recent call last):
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 417, in _do_action
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource handle())
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line 480, in handle_create
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self._create_transport_credentials()
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/resources/server.py", line 397, in _create_transport_credentials
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self._create_user()
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/engine/stack_user.py", line 44, in _create_user
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource self.stack.id)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 390, in create_stack_domain_project
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource domain_project = self.domain_admin_client.projects.create(
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 133, in domain_admin_client
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource if c.authenticate(domain_id=self.stack_domain_id):
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource return func(*args, **kwargs)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 392, in authenticate
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource resp = self.get_raw_token_from_identity_service(**kwargs)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 178, in get_raw_token_from_identity_service
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource '%s' % e)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource AuthorizationFailure: Authorization failed: Could not find user, 38877ca5daed4c9fbbb6c853d3d88e36. (HTTP 404)
2014-08-28 13:20:40.495 407 TRACE heat.engine.resource
2014-08-28 13:20:40.605 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:40.990 407 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): cloud.open-xchange.com
2014-08-28 13:20:41.570 407 WARNING heat.engine.service [-] Stack create failed, status FAILED
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1362678/+subscriptions
Follow ups
References
