yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #26928
[Bug 1410622] Re: nova is still broken with boto==2.35*
Aha, the signature nova is passing to keystone:
1c314a588a431c92d83b00ca7450195c461857fb78018147065e43089af10788
is different from the generated signature in the keystone code:
8189a643a8669802f5e9e09bc835558cc8521b7edebb43d166e6b60469509d11
** Also affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1410622
Title:
nova is still broken with boto==2.35*
Status in OpenStack Identity (Keystone):
New
Status in OpenStack Compute (Nova):
Triaged
Bug description:
Bug 1408987 fixed one auth issue with the signature handling:
https://review.openstack.org/#/c/146124/
But when trying to uncap the requirement on master we hit two new
failures when trying to create a security group, we get auth failures
(401 failures to be exact).
Copied from comment 14 of bug 1408987:
This is still broken on master, when I tried to uncap the boto version
on master I get new auth failures:
http://logs.openstack.org/92/146592/1/check/check-tempest-dsvm-
full/7c375f8/console.html#_2015-01-12_19_11_36_102
2015-01-12 19:11:36.102 | tempest.thirdparty.boto.test_ec2_security_groups.EC2SecurityGroupTest.test_create_authorize_security_group
2015-01-12 19:11:36.102 | ----------------------------------------------------------------------------------------------------------
2015-01-12 19:11:36.102 |
2015-01-12 19:11:36.102 | Captured traceback:
2015-01-12 19:11:36.102 | ~~~~~~~~~~~~~~~~~~~
2015-01-12 19:11:36.103 | Traceback (most recent call last):
2015-01-12 19:11:36.103 | _StringException: Empty attachments:
2015-01-12 19:11:36.103 | stderr
2015-01-12 19:11:36.103 | stdout
2015-01-12 19:11:36.103 |
2015-01-12 19:11:36.103 | pythonlogging:'': {{{
2015-01-12 19:11:36.103 | 2015-01-12 19:07:12,279 27381 DEBUG [keystoneclient.auth.identity.v2] Making authentication request to http://127.0.0.1:5000/v2.0/tokens
2015-01-12 19:11:36.103 | 2015-01-12 19:07:13,359 27381 ERROR [boto] 401 Unauthorized
2015-01-12 19:11:36.103 | 2015-01-12 19:07:13,359 27381 ERROR [boto] <?xml version="1.0"?>
2015-01-12 19:11:36.103 | <Response><Errors><Error><Code>AuthFailure</Code><Message>Unauthorized</Message></Error></Errors><RequestID>req-81391f74-7caf-42a6-a3b8-ccd2c7d1cbdf</RequestID></Response>
2015-01-12 19:11:36.104 | }}}
2015-01-12 19:11:36.104 |
2015-01-12 19:11:36.104 | Traceback (most recent call last):
2015-01-12 19:11:36.104 | File "tempest/thirdparty/boto/test_ec2_security_groups.py", line 32, in test_create_authorize_security_group
2015-01-12 19:11:36.104 | group_description)
2015-01-12 19:11:36.104 | File "tempest/services/botoclients.py", line 84, in func
2015-01-12 19:11:36.104 | return getattr(conn, name)(*args, **kwargs)
2015-01-12 19:11:36.104 | File "/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py", line 3003, in create_security_group
2015-01-12 19:11:36.104 | SecurityGroup, verb='POST')
2015-01-12 19:11:36.105 | File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1207, in get_object
2015-01-12 19:11:36.105 | raise self.ResponseError(response.status, response.reason, body)
2015-01-12 19:11:36.105 | EC2ResponseError: EC2ResponseError: 401 Unauthorized
2015-01-12 19:11:36.105 | <?xml version="1.0"?>
2015-01-12 19:11:36.105 | <Response><Errors><Error><Code>AuthFailure</Code><Message>Unauthorized</Message></Error></Errors><RequestID>req-81391f74-7caf-42a6-a3b8-ccd2c7d1cbdf</RequestID></Response>
It's something to do with security groups this time.
http://logs.openstack.org/92/146592/1/check/check-tempest-dsvm-
full/7c375f8/logs/screen-n-api.txt.gz#_2015-01-12_19_07_13_357
2015-01-12 19:07:13.357 24624 DEBUG nova.api.ec2.faults [-] EC2 error
response: AuthFailure: Unauthorized ec2_error_response
/opt/stack/new/nova/nova/api/ec2/faults.py:29
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1410622/+subscriptions
References