yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1693228] Re: Nova quota show/set give errors in verify_project_id

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1693228@xxxxxxxxxxxxxxxxxx>
Date: Mon, 05 Jun 2017 18:12:40 -0000
Reply-to: Bug 1693228 <1693228@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
*** This bug is a duplicate of bug 1667679 ***
    https://bugs.launchpad.net/bugs/1667679

Reviewed:  https://review.openstack.org/438049
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4a2009a6fa2017013102d3d43e670334ebc60d9f
Submitter: Jenkins
Branch:    master

commit 4a2009a6fa2017013102d3d43e670334ebc60d9f
Author: Sean Dague <sean@xxxxxxxxx>
Date:   Fri Feb 24 13:56:03 2017 -0500

    Be more tolerant of keystone catalog configuration
    
    The previous attempt at validating against keystone assumed that users
    had an unversioned endpoint in their catalog. Most do not. This uses
    the keystoneauth discovery magic to do the right thing whether or not
    they have the versioned or unversioned endpoint, as long as they have
    a working v3 installation.
    
    It is also much more verbose on log messages when things go wrong.
    
    Change-Id: I509d406ca1f1f7b064aaca88645ad17685827267
    Related-Bug: #1667679
    Closes-Bug: #1693228


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1693228

Title:
  Nova quota show/set give errors in verify_project_id

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) ocata series:
  New

Bug description:
  Description
  ===========

  'openstack quota show <project>' gives error in ocata.

  Log:
  2017-05-24 11:32:27.666 21595 DEBUG nova.api.openstack.wsgi [req-2fdb7c04-35d4-4cd3-aa12-9dd7a835db25 aad396bff0834baeb50beda5ade6ccaa aaf41996573a47ab996a9876313caaaa - default default] Calling method '<function version_select at 0x7f39f5828398>' _process_stack /openstack/venvs/nova-master/lib/python2.7/site-packages/nova/api/openstack/wsgi.py:624
  2017-05-24 11:32:28.143 21595 INFO nova.api.openstack.wsgi [req-2fdb7c04-35d4-4cd3-aa12-9dd7a835db25 aad396bff0834baeb50beda5ade6ccaa aaf41996573a47ab996a9876313caaaa - default default] HTTP exception thrown: Project ID aa4664722c924c979953bf264c4044aa is not a valid project.
  2017-05-24 11:32:28.147 21595 DEBUG nova.api.openstack.wsgi [req-2fdb7c04-35d4-4cd3-aa12-9dd7a835db25 aad396bff0834baeb50beda5ade6ccaa aaf41996573a47ab996a9876313caaaa - default default] Returning 400 to user: Project ID aa4664722c924c979953bf264c4044aa is not a valid project. __call__ /openstack/venvs/nova-master/lib/python2.7/site-packages/nova/api/openstack/wsgi.py:1041

  
  After some digging the error seems to be that in file:
  https://github.com/openstack/nova/blob/master/nova/api/openstack/identity.py#L34

  on line 34 the code reads: 'resp = sess.get('/v3/projects/%s' %
  project_id'

  It seems incorrect to enforce v3 endpoint here. Both due to that some are still using v2.0, and also because the endpoints for identity normally already includes the endpoint. 
  Before the request is sent to identity the url is merged with base url (In file: keystoneauth1/session.py line 516). 
  This results in an incorrect path with duplicate versions, that looks something like: http://<domain:port>/v3/v3/projects/<project_id> 
  ..which in turn gives a 404 response back to nova. Nova will present this as a 400 error stating the project does not exist.

  Changing the code from:
  'resp = sess.get('/v3/projects/%s' % project_id'
  to
  'resp = sess.get('/projects/%s' % project_id'

  ..will fix this particular issue and so far I have not seen any other
  impact and to me is seems logical to let the endpoint define
  versioning rather than enforcing it.

  
  Steps to reproduce
  ==================
  Use openstack client and run: openstack quota show <project>

  
  Expected result
  ===============
  Getting a result of project quota

  Actual result
  =============
  Nova returns 400 error: 'Project ID <project_id> is not a valid project'

  Environment
  ===========
  Ocata version running on KVM
  Installed via openstack-ansible
  Ceph backend
  Neutron

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1693228/+subscriptions
References

[Bug 1693228] [NEW] Nova quota show/set give errors in verify_project_id
From: Marcus Murwall, 2017-05-24