Upstream update for h.2 causes keystone error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cisco Openstack |
Fix Released
|
High
|
Mark T. Voelker | ||
Havana |
Fix Released
|
High
|
Mark T. Voelker |
Bug Description
After h.1 was cut we pulled in updates to several puppet modules from upstream during feature development work. AIO nodes (at least) now throw a keystone error near the end of the catalog run:
Debug: Executing '/usr/bin/keystone --endpoint http://
Debug: Executing '/usr/bin/keystone --endpoint http://
Error: /Stage[
At first glance it looks as if this command is incomplete (no tenant-id specified), but needs a closer look to see why that might be happening. The command originates in puppet-keystone's lib/puppet/
Changed in openstack-cisco: | |
importance: | Undecided → High |
A few notes:
1.) Ignore the bit above about no tenant-id being specified. I think that's just log truncation, as the error would be very different if that were what was actually going on:
root@control01: /usr/share/ puppet/ modules/ keystone# /usr/bin/keystone --endpoint http:// 127.0.0. 1:35357/ v2.0/ user-role-list --user-id 81b61a28cb6b445 ca3c9160f23c482 36 --tenant-id --tenant- id: expected one argument /usr/share/ puppet/ modules/ keystone#
usage: keystone user-role-list [--user <user>] [--tenant <tenant>]
keystone user-role-list: error: argument --tenant/
root@control01:
2.) This could be related to an old-but- not-yet- fixed python- keystoneclient bug:
https:/ /bugs.launchpad .net/python- keystoneclient/ +bug/1058750
3.) Digging a bit, the --user-id argument in the command is the admin user (which the error message itself also indicates). The missing tenant_id that got truncated out of the message could be for either the 'openstack' or 'services' tenants (the only two that exist on the system at the time). From the error message we know it's the former. Note also that both the admin and service tenants do exist, as does the admin user, and the admin user is assigned to the _member_ role:
root@control01:~# /usr/bin/keystone --endpoint http:// 127.0.0. 1:35357/ v2.0/ user-list ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+ ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+ 595d1cd109c9db4 41 | admin | True | root@localhost | c90e0c51c8bdf38 27 | ceilometer | True | root@localhost | 4b6864abb63f022 24 | cinder | True | cinder@localhost | 3991de927237a8a 36 | glance | True | glance@localhost | bbc512e92c44ca7 5a | heat | True | heat@localhost | 694d1859e20bbd6 5f | heat-cfn | True | heat-cfn@localhost | 1aabff86f860122 c5 | neutron | True | neutron@localhost | 7b4a662c55ee6b1 a4 | nova | True | nova@localhost | 09c1ce79fed5fe2 32 | swift | True | swift@localhost | ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+ 127.0.0. 1:35357/ v2.0/ tenant-list ------- ------- ------- ------- +------ -----+- ------- -+ ------- ------- ------- ------- +------ -----+- ------- -+ 4a3267ea96298d2 bb | openstack | True | 4a0d33a48712eb8 2e | services | True | ------- ------- ------- ------- +------ -----+- ------- -+ 127.0.0. 1:35357/ v2.0/ role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------
| id | name | enabled | email |
+------
| 5d4c0ea62e1e403
| fafbfe1716ba4d2
| e6184021519f457
| efa487e0eb3e4bf
| 431e72e0982f485
| b914db6256f0493
| 0e717c467ecb474
| 78cb3f44f1e2434
| e8fcb0bf580e4b6
+------
root@control01:~# /usr/bin/keystone --endpoint http://
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------
| id | name | enabled |
+------
| 6b250e187fd44d8
| 446d49a370fc481
+------
root@control01:~# /usr/bin/keystone --endpoint http://
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----...