yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1665693] Re: "Passing insecure dynamic vendordata requests because of missing or incorrect service account configuration." warnings all over n-api logs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1665693@xxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Mar 2017 16:14:43 -0000
Reply-to: Bug 1665693 <1665693@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/435563
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=97e14fa3f39839491ff6c7de9572d277bec8f885
Submitter: Jenkins
Branch:    master

commit 97e14fa3f39839491ff6c7de9572d277bec8f885
Author: Matt Riedemann <mriedem@xxxxxxxxxx>
Date:   Fri Feb 17 13:31:41 2017 -0500

    Only create vendordata_dynamic ksa session if needed
    
    We're logging a warning about vendordata dynamic auth
    not being configured every time we create a server with
    a config drive. The dynamic vendordata v2 stuff is all
    optional and controlled via configuring:
    
    CONF.api.vendordata_dynamic_targets
    
    This change only attempts to create the ksa session
    when we try to make a request, which would only happen
    if CONF.api.vendordata_dynamic_targets is configured.
    
    Change-Id: I1a6f6776670a2fa1439782d10d2e0777df2683ae
    Closes-Bug: #1665693


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1665693

Title:
  "Passing insecure dynamic vendordata requests because of missing or
  incorrect service account configuration." warnings all over n-api logs

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) ocata series:
  New

Bug description:
  I'm seeing these warnings all over the n-api logs in an ocata CI job
  run:

  http://logs.openstack.org/11/349011/3/check/gate-tempest-dsvm-neutron-
  full-ubuntu-xenial-
  ocata/bee08f9/logs/screen-n-api.txt.gz?level=TRACE#_2017-02-14_22_13_03_345

  2017-02-14 22:15:27.415 2678 WARNING
  nova.api.metadata.vendordata_dynamic [req-eb314972-d29e-436c-
  a2a7-fb189effb5c4 - -] Passing insecure dynamic vendordata requests
  because of missing or incorrect service account configuration.

  It's coming from here:

  http://git.openstack.org/cgit/openstack/nova/tree/nova/api/metadata/vendordata_dynamic.py#n52

  We should probably only log that once the first time we hit it since I
  don't think you can fix it without fixing the [vendordata] credentials
  in nova.conf and restarting nova-api.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1665693/+subscriptions

References

[Bug 1665693] [NEW] "Passing insecure dynamic vendordata requests because of missing or incorrect service account configuration." warnings all over n-api logs
From: Matt Riedemann, 2017-02-17