yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #40368
[Bug 1507610] [NEW] Keystone v3 incompatable with keystone v2
Public bug reported:
Overview:
After an upgrade to using keystone v3 the old style of location ceases to work. This happens because it raises a 404 which in turn raises a 401. As it tries to go to the location /v2.0/auth/tokens which did not exist in v2, but rather the link is /v2.0/tokens.
How to reproduce:
Create an image with the 'old style' location. Something like this:
| locations | [{"url": "swift+http://service%3Aglance- |
| | swift:redacted@10.0.0.8:5000/v2.0/glance/2f174860-efe3-4d5a-8f73-83e7298523b8", |
| | "metadata": {}}]
Then upgrade to keystone v3. And try to run a copy-from or image-download. Such as:
glance image-download 2f174860-efe3-4d5a-8f73-83e7298523b8 --file /opt/out
Output:
Keystone v3:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45256 -> 10.0.0.8:5000 [AP]
POST /v2.0/auth/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 222.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "service"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": "redacted", "name": "glance-swift"}}, "methods": ["password"]}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45256 [AP]
HTTP/1.1 404 Not Found.
Date: Mon, 19 Oct 2015 13:54:27 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-c8c78196-1b77-4b4f-b0dc-8baa5144c30f.
Content-Length: 93.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
.
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
V2:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45247 -> 10.0.0.8:5000 [AP]
POST /v2.0/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 112.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"tenantName": "service", "passwordCredentials": {"username": "glance-swift", "password": "redacted"}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45247 [AP]
HTTP/1.1 200 OK.
Date: Mon, 19 Oct 2015 13:53:42 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-cb538a90-5134-476d-b789-27fcf0576ad8.
Content-Length: 3407.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
** Affects: glance
Importance: Undecided
Assignee: Niall Bunting (niall-bunting)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1507610
Title:
Keystone v3 incompatable with keystone v2
Status in Glance:
New
Bug description:
Overview:
After an upgrade to using keystone v3 the old style of location ceases to work. This happens because it raises a 404 which in turn raises a 401. As it tries to go to the location /v2.0/auth/tokens which did not exist in v2, but rather the link is /v2.0/tokens.
How to reproduce:
Create an image with the 'old style' location. Something like this:
| locations | [{"url": "swift+http://service%3Aglance- |
| | swift:redacted@10.0.0.8:5000/v2.0/glance/2f174860-efe3-4d5a-8f73-83e7298523b8", |
| | "metadata": {}}]
Then upgrade to keystone v3. And try to run a copy-from or image-download. Such as:
glance image-download 2f174860-efe3-4d5a-8f73-83e7298523b8 --file /opt/out
Output:
Keystone v3:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45256 -> 10.0.0.8:5000 [AP]
POST /v2.0/auth/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 222.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "service"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": "redacted", "name": "glance-swift"}}, "methods": ["password"]}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45256 [AP]
HTTP/1.1 404 Not Found.
Date: Mon, 19 Oct 2015 13:54:27 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-c8c78196-1b77-4b4f-b0dc-8baa5144c30f.
Content-Length: 93.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
.
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
V2:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45247 -> 10.0.0.8:5000 [AP]
POST /v2.0/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 112.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"tenantName": "service", "passwordCredentials": {"username": "glance-swift", "password": "redacted"}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45247 [AP]
HTTP/1.1 200 OK.
Date: Mon, 19 Oct 2015 13:53:42 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-cb538a90-5134-476d-b789-27fcf0576ad8.
Content-Length: 3407.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1507610/+subscriptions
Follow ups
