OpenStack Heat

RDS DBInstance cfn-init error on creation

Bug #1097362 reported by Steven Hardy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
Steven Hardy
OpenStack Heat 2013.1 "grizzly"
Grizzly
Fix Released
Medium
Steven Hardy
OpenStack Heat grizzly-2 "g2"

Bug Description

The RDS DBInstance nested template specifies --access-key/--secret-key as parameters to cfn-init, which means that cfn-init attempts to retrieve resource metadata via the CFN API for the nested stack.

However this causes an error because we don't allow retrieval of (internally defined) nested-stack resources via the CFN API, so we should remove these credentials, which will make cfn-init use the data provided via nova user-data in /var/lib/cloud/data/cfn-init-data (which is does anyway after failing to retrieve the metadata from the CFN API, but we get an ugly traceback in the engine log and a potentially confusing error in the heat-provision.log)

Steven Hardy (shardy)
Changed in heat:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Steven Hardy (shardy)
milestone: none → grizzly-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/19227

Changed in heat:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/19227
Committed: http://github.com/openstack/heat/commit/5fedcd1ce0dac22a947bd1c6d306ef58fb377145
Submitter: Jenkins
Branch: master

commit 5fedcd1ce0dac22a947bd1c6d306ef58fb377145
Author: Steven Hardy <email address hidden>
Date: Tue Jan 8 19:21:56 2013 +0000

    heat engine : DBInstance don't pass credentials to cfn-init

    Don't create user/accesskey and pass them to cfn-init as resource
    metadata for internal nested stacks is not available via the cfn API
    so passing them causes an error in the engine logs (and creates some
    unnecessary keystone credentials)

    fixes bug 1097362

    Change-Id: If2fe484d834e3e5730b21a18c363a5bf5a4c45f6
    Signed-off-by: Steven Hardy <email address hidden>

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: grizzly-2 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.