yahoo-eng-team team mailing list archive
Message #93487
[Bug 2053297] [NEW] LDAP keystone.exception.DomainNotFound: Could not find domain:
Public bug reported:
OpenStack version: 2023.1
Deployment tool: kolla-ansible
OS: Ubuntu 22.04
Integrating Keystone with LDAP for centralized authentication.
# /etc/kolla/config/keystone/domains/keystone.eng.conf
# Ansible managed
[identity]
driver = ldap
domain_config_dir = /etc/keystone/domains
domain_specific_drivers_enabled = True
[assignment]
driver = sql
[ldap]
debug_level = 4095
group_allow_create = False
group_allow_delete = False
group_allow_update = False
group_id_attribute = cn
group_member_attribute = memberof
group_name_attribute = cn
group_objectclass = organizationalUnit
group_tree_dn = cn=groups,cn=compat,dc=example,dc=com
password = XXXXXXXXXXXXXXXXXX
project_allow_create = False
project_allow_delete = False
project_allow_update = False
role_allow_create = False
role_allow_delete = False
role_allow_update = False
suffix = dc=example,dc=com
tls_cacertfile = /etc/keystone/ssl/ipa-ldap.crt
tls_req_cert = allow
url = ldaps://ldap.example.com
use_dump_member = False
use_tls = False
user = uid=svc-openstack,cn=users,cn=accounts,dc=example,dc=com
user_allow_create = False
user_allow_delete = False
user_allow_update = False
user_enabled_attribute = userAccountControl
user_filter = (memberof=cn=openstack-eng,cn=groups,cn=accounts,dc=example,dc=com)
user_id_attribute = cn
user_mail_attribute = mail
user_name_attribute = uid
user_objectclass = person
user_pass_attribute = password
user_tree_dn = cn=users,cn=accounts,dc=example,dc=com
When I list all users from the LDAP domain, I can see the list of users in the output:
# openstack user list --domain eng
+------------------------------------------------------------------+----------------+
| ID                                                               | Name           |
+------------------------------------------------------------------+----------------+
| 5941b66ab2dd5c288b9c43af63eac64802e7fcc13f93a39341d0972623dea482 | user1          |
| cbadc09bf614aae6cb02ec55a7c0339d23fb23862465006117574856f5a9ea25 | user2          |
| b2c2da99373ad98a4b266fdaba5773ad8284e53b6e6d6814d739a671c57036a1 | user3          |
| 76c268f25474aad5bad0035bec482ada7ceb94f82d8d46b4973091b120d1b925 | spatel         |
| 018019fc1b632ea62a339bd6610ef3011dc95aaae01b0b7fa4f72d836c1a816f | user4          |
At the same time, I am seeing this error in the keystone.log file. I thought I
should report the errors.
2024-02-15 20:41:57.658 22 WARNING keystone.common.password_hashing [None req-01863ce5-e57b-41e9-80ec-e994166b9757 - - - - - -] Truncating password to algorithm specific maximum length 72 characters.
2024-02-15 20:42:03.209 25 WARNING keystone.common.rbac_enforcer.enforcer [None req-4f4495f7-2527-4463-84fe-1d795fcb946e f55d38aca4384bfdb32806d5ca452c66 32f16f689e8445e0bf74c59c57096b3a - - default default] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application [None req-4f4495f7-2527-4463-84fe-1d795fcb946e f55d38aca4384bfdb32806d5ca452c66 32f16f689e8445e0bf74c59c57096b3a - - default default] Could not find domain: eng.: keystone.exception.DomainNotFound: Could not find domain: eng.
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application Traceback (most recent call last):
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/resource/core.py", line 712, in get_domain
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application project = self.driver.get_project(domain_id)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/resource/backends/sql.py", line 49, in get_project
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self._get_project(session, project_id).to_dict()
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/resource/backends/sql.py", line 44, in _get_project
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application raise exception.ProjectNotFound(project_id=project_id)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application keystone.exception.ProjectNotFound: Could not find project: eng.
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application Traceback (most recent call last):
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/flask/app.py", line 1820, in full_dispatch_request
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application rv = self.dispatch_request()
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/flask/app.py", line 1796, in dispatch_request
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/flask_restful/__init__.py", line 467, in wrapper
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/flask/views.py", line 107, in view
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return current_app.ensure_sync(self.dispatch_request)(**kwargs)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/flask_restful/__init__.py", line 582, in dispatch_request
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/api/domains.py", line 89, in get
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self._get_domain(domain_id)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/api/domains.py", line 97, in _get_domain
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application domain = PROVIDERS.resource_api.get_domain(domain_id)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/common/manager.py", line 115, in wrapped
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application __ret_val = __f(*args, **kwargs)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/decorator.py", line 232, in fun
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return caller(func, *(extras + args), **kw)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/cache/region.py", line 1577, in get_or_create_for_user_func
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self.get_or_create(
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/cache/region.py", line 1042, in get_or_create
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application with Lock(
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/lock.py", line 185, in __enter__
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self._enter()
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/lock.py", line 94, in _enter
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application generated = self._enter_create(value, createdtime)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/lock.py", line 178, in _enter_create
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application return self.creator()
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/dogpile/cache/region.py", line 995, in gen_value
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application created_value = creator(
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application File "/var/lib/kolla/venv/lib/python3.10/site-packages/keystone/resource/core.py", line 718, in get_domain
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application raise exception.DomainNotFound(domain_id=domain_id)
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application keystone.exception.DomainNotFound: Could not find domain: eng.
2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application
2024-02-15 20:42:08.030 23 WARNING py.warnings [None req-1d1b3838-65b0-4620-8554-eae9b43bd2d8 f55d38aca4384bfdb32806d5ca452c66 32f16f689e8445e0bf74c59c57096b3a - - default default] /var/lib/kolla/venv/lib/python3.10/site-packages/oslo_policy/policy.py:1129: UserWarning: Policy "identity:list_domains": "role:reader and system_scope:all" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2053297
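Added example (not part of the original bug report and not keystone code): a small triage script for the oslo.log-style excerpt above. It attributes the traceback lines, which carry no request context, to their request ID and reports the exception chain and the keystone frames involved. The sample input is abridged from the log in the report, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the keystone.log excerpt in the report above
# (same request IDs and messages; most traceback frames dropped).
REQ = "req-4f4495f7-2527-4463-84fe-1d795fcb946e"
CTX = f"[None {REQ} f55d38aca4384bfdb32806d5ca452c66 32f16f689e8445e0bf74c59c57096b3a - - default default]"
P = "2024-02-15 20:42:03.225 25 ERROR keystone.server.flask.application"
SITE = "/var/lib/kolla/venv/lib/python3.10/site-packages"
SAMPLE_LOG = "\n".join([
    "2024-02-15 20:41:57.658 22 WARNING keystone.common.password_hashing [None req-01863ce5-e57b-41e9-80ec-e994166b9757 - - - - - -] Truncating password to algorithm specific maximum length 72 characters.",
    f"{P} {CTX} Could not find domain: eng.: keystone.exception.DomainNotFound: Could not find domain: eng.",
    f"{P} Traceback (most recent call last):",
    f'{P} File "{SITE}/keystone/resource/core.py", line 712, in get_domain',
    f"{P} project = self.driver.get_project(domain_id)",
    f"{P} keystone.exception.ProjectNotFound: Could not find project: eng.",
    f"{P} During handling of the above exception, another exception occurred:",
    f"{P} Traceback (most recent call last):",
    f'{P} File "{SITE}/keystone/api/domains.py", line 97, in _get_domain',
    f"{P} domain = PROVIDERS.resource_api.get_domain(domain_id)",
    f'{P} File "{SITE}/keystone/resource/core.py", line 718, in get_domain',
    f"{P} keystone.exception.DomainNotFound: Could not find domain: eng.",
])

RECORD = re.compile(r"^\S+ \S+ (?P<pid>\d+) (?P<level>[A-Z]+) (?P<logger>\S+) "
                    r"(?:\[None (?P<req>req-[0-9a-f-]+)[^\]]*\] )?(?P<msg>.*)$")
EXC = re.compile(r"^(?:\w+\.)+(?P<name>\w+): (?P<detail>.*)$")
FRAME = re.compile(r'^File ".*/site-packages/(?P<path>keystone/\S+)", line \d+, in (?P<func>\w+)$')


def summarize_errors(text):
    """Map request ID -> exception chain and keystone frames for ERROR records.
    Traceback lines repeat the prefix but omit the request context, so they are
    attributed to the last request seen from the same worker PID."""
    last_req, out = {}, {}
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"].strip()
        if m["req"]:
            last_req[pid] = m["req"]
        req = last_req.get(pid)
        if m["level"] != "ERROR" or req is None:
            continue
        entry = out.setdefault(req, {"exceptions": [], "frames": []})
        if (e := EXC.match(msg)):
            entry["exceptions"].append((e["name"], e["detail"]))
        elif (f := FRAME.match(msg)):
            entry["frames"].append(f"{f['path']}:{f['func']}")
    return out


def is_domain_id_miss(entry):
    """True for ProjectNotFound -> DomainNotFound raised under the domains API
    handler, i.e. a domain lookup by ID that found no match."""
    names = [n for n, _ in entry["exceptions"]]
    return (names == ["ProjectNotFound", "DomainNotFound"]
            and any(f.startswith("keystone/api/domains.py:") for f in entry["frames"]))
```

For the excerpt above, the single ERROR request is classified as a domain lookup by ID in which the value passed was `eng`.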