Requests to Metadata API fail with 500 if Neutron network plugin is used
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Critical
|
Phil Day | ||
Havana |
Fix Released
|
Critical
|
Matt Riedemann |
Bug Description
In TripleO devtest story we are using Nova + Baremetal Driver + Neutron. The provisioned baremetal instance obtains its configuration from Metadata API. Currently all requests to Metadata API fail with error 500.
In nova-api log I can see the following traceback:
2013-11-27 11:44:01,423.423 5895 ERROR nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
2013-11-27 11:44:01,423.423 5895 TRACE nova.api.
Analyzing this issue we found that Metadata API stopped working since change https:/
The commit message looks pretty sane and that fix seems to be the right thing to do, because we don't want to do neutron requests on behalf of neutron service user we have in nova config, but rather on behalf of the admin user instead who made the original request to nova api. So it seems that context.is_admin should be extended to make it possible to distinguish between those two cases of admin users: the real admin users, and the cases when nova api needs to talk to neutron.
The problem is that all metadata queries are handled using default admin context (user and other vars are set to None while is_admin=True), so with https:/
description: | updated |
Changed in nova: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in nova: | |
importance: | High → Critical |
Changed in nova: | |
assignee: | nobody → Phil Day (philip-day) |
Changed in nova: | |
milestone: | none → icehouse-1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | icehouse-1 → 2014.1 |
Also note that the first occurance of this was a
CI job that started at Nov 26 23:00:02 UTC
The Job the kicked off 2 hours previous was ok, its been failing ever sense