Heat (juno) failing to log authentication errors

Bug #1450923 reported by Lars Kellogg-Stedman
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
Rakesh H S
Juno
Fix Released
Undecided
Unassigned

Bug Description

I am trying to create a very simple stack from the following template:

    heat_template_version: 2013-05-23

    resources:

      my_key:
        type: "OS::Nova::KeyPair"
        properties:
          name: mykey
          public_key: ...key data here...

The one resources gets as far as INIT_COMPLETE, then no further
progress happens with the stack create:

    $ heat resource-list keypairs
    +---------------+----------------------+-------------------+-----------------+----------------------+
    | resource_name | physical_resource_id | resource_type | resource_status | updated_time |
    +---------------+----------------------+-------------------+-----------------+----------------------+
    | my_key | | OS::Nova::KeyPair | INIT_COMPLETE | 2015-05-01T19:58:12Z |
    +---------------+----------------------+-------------------+-----------------+----------------------+

The heat-engine log only contains the following:

    INFO heat.engine.service [req-7792b333-5a8b-4476-96c0-562bb1d2a80b None] Creating stack keypairs
    INFO heat.engine.resource [req-7792b333-5a8b-4476-96c0-562bb1d2a80b None] Validating KeyPair "my_key"

If I enable debug logging, I get:

    DEBUG keystoneclient.auth.identity.v3 [-] Making authentication request to http://127.0.0.1:35357/v3/auth/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3.py:117
    DEBUG keystoneclient.session [-] Request returned failure status: 401 request /usr/lib/python2.7/site-packages/keystoneclient/session.py:345
    DEBUG keystoneclient.v3.client [-] Authorization failed. get_raw_token_from_identity_service /usr/lib/python2.7/site-packages/keystoneclient/v3/client.py:267

In turns out this was a bad stack_domain_admin_password.

So, the bug as I see it is:

- An authentication failure should get logged at something higher than
  DEBUG priority.
- An authentication failure should probably put the stack into
  CREATE_FAILED state.

Changed in heat:
status: New → Triaged
importance: Undecided → Medium
Rakesh H S (rh-s)
Changed in heat:
assignee: nobody → Rakesh H S (rh-s)
Revision history for this message
sara (ichi-sara) wrote :

i'm running through the same issue? Any idea how to fix this authentication prob?

Revision history for this message
Marcel Jordan (mortzel) wrote :

Same Problem here when using Keystone v3 with multi-domain-driver in Juno on Centos 7.

default -> SQL -> Services and Heat
dom -> LDAP -> User

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/214165

Rakesh H S (rh-s)
Changed in heat:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (stable/juno)

Reviewed: https://review.openstack.org/214165
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=46bef7ae3bbff3abcfc36a173e86636791d218ed
Submitter: Jenkins
Branch: stable/juno

commit 46bef7ae3bbff3abcfc36a173e86636791d218ed
Author: Ethan Lynn <email address hidden>
Date: Wed Nov 12 14:01:19 2014 +0800

    Catch v3 keystone unauthorized error when creating stack

    If v3 keystone unauthorized error raise during creating stack,
    then this stack will remaid in status of create_in_progress. This
    patch modify heat keystoneclient to catch unauthorized error and
    set stack status to failed.

    Closes-Bug: #1376213
    Closes-Bug: #1450923
    Change-Id: I9a34c20fc6ac3ce235aaba4eac25a6d5ceb43f5f
    (cherry picked from commit dca8e37e651c32aca7224fda208e1241efbf23f2)

tags: added: in-stable-juno
Rakesh H S (rh-s)
Changed in heat:
status: In Progress → Fix Committed
Changed in heat:
milestone: none → liberty-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: liberty-3 → 5.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.