Ironic

glanceclient raise HTTPUnauthorized exception

Bug #1266201 reported by Haomeng,Wang on 2014-01-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Fix Released	High	Chris Krelle	Ironic 2014.1 "icehouse"

Bug Description

With default configurations, our Ironic call glanceclient to get image information, but get HTTPUnauthorized exception as below log messsage:

apply patch - https://review.openstack.org/#/c/61160/

deploy - curl -i -X PUT -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'User-Agent: python-ironicclient' http://127.0.0.1:6385/v1/nodes/7f942ba9-af64-47ef-8c27-ae7870bc30e8/states/provision -d '{"target":"active"}' -H 'X-Auth-Token: MI...'

2014-01-05 03:14:29.458 5267 DEBUG ironic.conductor.manager [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] RPC do_node_deploy called for node 7f942ba9-af64-47ef-8c27-ae7870bc30e8. do_node_deploy /opt/stack/ironic/ironic/conductor/manager.py:236
2014-01-05 03:14:29.511 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Got semaphore "node_resource" lock /opt/stack/ironic/ironic/openstack/common/lockutils.py:170
2014-01-05 03:14:29.513 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Got semaphore / lock "acquire" inner /opt/stack/ironic/ironic/openstack/common/lockutils.py:250
2014-01-05 03:14:29.525 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Semaphore / lock released "acquire" inner /opt/stack/ironic/ironic/openstack/common/lockutils.py:254
2014-01-05 03:14:29.533 5267 DEBUG ironic.common.glance_service.base_image_service [-] Getting image metadata from glance. Image: glance://6eee94d7-c870-4f9e-9b59-0d8fec1a24ca _show /opt/stack/ironic/ironic/common/glance_service/base_image_service.py:184
2014-01-05 03:14:29.534 5267 DEBUG glanceclient.common.http [-] curl -i -X HEAD -H 'Content-Type: application/octet-stream' -H 'User-Agent: python-glanceclient' http://192.168.235.131:9292/v1/images/6eee94d7-c870-4f9e-9b59-0d8fec1a24ca log_curl_request /opt/stack/python-glanceclient/glanceclient/common/http.py:142
2014-01-05 03:14:29.539 5267 DEBUG glanceclient.common.http [-]
HTTP/1.1 401 Unauthorized
date: Sat, 04 Jan 2014 19:14:29 GMT
content-length: 0
content-type: text/html; charset=UTF-8
log_http_response /opt/stack/python-glanceclient/glanceclient/common/http.py:152
2014-01-05 03:14:29.540 5267 ERROR glanceclient.common.http [-] Request returned failure status.
2014-01-05 03:14:29.552 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Got semaphore "node_resource" lock /opt/stack/ironic/ironic/openstack/common/lockutils.py:170
2014-01-05 03:14:29.553 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Got semaphore / lock "release" inner /opt/stack/ironic/ironic/openstack/common/lockutils.py:250
2014-01-05 03:14:29.554 5267 DEBUG ironic.openstack.common.lockutils [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Semaphore / lock released "release" inner /opt/stack/ironic/ironic/openstack/common/lockutils.py:254
2014-01-05 03:14:29.574 5267 ERROR ironic.openstack.common.rpc.amqp [req-5cb82e04-0bfd-43d0-8ceb-a9c9de387dcc admin admin] Exception during message handling
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp Traceback (most recent call last):
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/openstack/common/rpc/amqp.py", line 434, in _process_data
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp **args)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/openstack/common/rpc/dispatcher.py", line 172, in dispatch
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp result = getattr(proxyobj, method)(ctxt, **kwargs)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/conductor/manager.py", line 267, in do_node_deploy
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp node['target_provision_state'] = states.NOSTATE
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/openstack/common/excutils.py", line 70, in __exit__
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp six.reraise(self.type_, self.value, self.tb)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/conductor/manager.py", line 261, in do_node_deploy
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp task.driver.deploy.prepare(task, node)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/drivers/modules/pxe.py", line 538, in prepare
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp pxe_info = _get_tftp_image_info(node)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/drivers/modules/pxe.py", line 400, in _get_tftp_image_info
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp iproperties = glance_service.show(d_info['image_source'])['properties']
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/common/glance_service/v1/image_service.py", line 30, in show
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp return self._show(image_id, method='get')
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/common/glance_service/base_image_service.py", line 86, in wrapper
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp return func(self, *args, **kwargs)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/common/glance_service/base_image_service.py", line 188, in _show
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp image = self.call(method, image_id)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/ironic/ironic/common/glance_service/base_image_service.py", line 121, in call
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp return getattr(self.client.images, method)(*args, **kwargs)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/python-glanceclient/glanceclient/v1/images.py", line 114, in get
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp % urllib.quote(str(image_id)))
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/python-glanceclient/glanceclient/common/http.py", line 289, in raw_request
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp return self._http_request(url, method, **kwargs)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp File "/opt/stack/python-glanceclient/glanceclient/common/http.py", line 249, in _http_request
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp raise exc.from_response(resp, body_str)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp HTTPUnauthorized: HTTPUnauthorized (HTTP 401)
2014-01-05 03:14:29.574 5267 TRACE ironic.openstack.common.rpc.amqp

However glance CLI works fine with same env:

See original description

Haomeng,Wang (whaom) on 2014-01-05

description:

updated

Revision history for this message

Haomeng,Wang (whaom) wrote on 2014-01-06:

I think our Ironic did not enable keystone client to get token first, then to pass the token to glance client to get permission.

Revision history for this message

aeva black (tenbrae) wrote on 2014-01-10:

It looks like ironic.common.glance_service is not passing (or perhaps not receiving) the context.auth_token properly...

Changed in ironic:
status:	New → Triaged
importance:	Undecided → High
milestone:	none → icehouse-2

Ghe Rivero (ghe.rivero) on 2014-01-10

Changed in ironic:
assignee:	nobody → Ghe Rivero (ghe.rivero)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-10: Fix proposed to ironic (master)

Fix proposed to branch: master
Review: https://review.openstack.org/66008

Changed in ironic:
status:	Triaged → In Progress

OpenStack Infra (hudson-openstack) on 2014-01-10

Changed in ironic:
assignee:	Ghe Rivero (ghe.rivero) → Chris Krelle (nobodycam)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-10: Fix merged to ironic (master)

Reviewed: https://review.openstack.org/66008
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=79b12ab21c1f2eca2dde5b60a87dc4f0dc1f4d9e
Submitter: Jenkins
Branch: master

commit 79b12ab21c1f2eca2dde5b60a87dc4f0dc1f4d9e
Author: Ghe Rivero <email address hidden>
Date: Fri Jan 10 16:32:36 2014 +0000

Use correct auth context inside pxe driver

    Until now, general auth context was used inside the pxe driver
    making it fail when authenticating against glance. We should be using
    instead task.context

Change-Id: I173b912c67ab77dda433d2f1f93e674852b7d054
Closes-Bug: #1266201

Changed in ironic:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-01-22

Changed in ironic:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in ironic:
milestone:	icehouse-2 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.