Bug #1459629 “security group list always uses identity admin end...” : Bugs : python-openstackclient

Terry Howe (thowe-g) on 2015-05-28

Changed in python-openstackclient:
assignee:	nobody → Terry Howe (thowe-g)
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-28: Fix proposed to python-openstackclient (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/186385

Changed in python-openstackclient:
status:	Confirmed → In Progress

Revision history for this message

Terry Howe (thowe-g) wrote on 2015-05-28:

#2

A stack trace or more detail on the failure would help, but I get a 404 when I run that. I added the 404 to the ignore exceptions on that.

Revision history for this message

Jan Klare (j-klare) wrote on 2015-06-01:

#3

Download full text (14.1 KiB)

Hi,

here a debug trace of what happens:

(openstack_clients)jklare@Jans-MacBook-Pro ~ $ openstack --debug security group list

DEBUG: openstackclient.shell options: Namespace(auth_type='', auth_url='https://public.de:4430/v2.0', cloud='', debug=True, deferred_help=False, domain_id='', domain_name='', endpoint='', insecure=None, log_file=None, os_cacert='', os_compute_api_version='2', os_default_domain='default', os_identity_api_version='2', os_image_api_version='1', os_n
etwork_api_version='2', os_object_api_version='1', os_project_id=None, os_project_name=None, os_volume_api_version='1', password='somepassword', project_domain_id='', project_domain_name='', project_id='', project_name='xion', region_name='RegionOne', timing=False, token='', trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', username='j
.<email address hidden>', verbose_level=3, verify=None)
DEBUG: openstackclient.shell defaults: {'auth_type': 'osc_password', 'image_api_version': '1', 'compute_api_version': '2', 'database_api_version': '1.0', 'baremetal_api_version': '1', 'identity_api_version': '2', 'volume_api_version': '1', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'network_api_version': '2', 'object_api_version': '1'}
DEBUG: openstackclient.shell cloud cfg: {'auth_type': 'osc_password', 'compute_api_version': '2', 'database_api_version': '1.0', 'network_api_version': '2', 'object_api_version': '1', 'image_api_version': '1', 'verbose_level': 3, 'region_name': 'RegionOne', 'baremetal_api_version': '1', 'auth': {'username': '<email address hidden>', 'password': 'somepassword', 'pr
oject_name': 'xion', 'auth_url': 'https://public.de:4430/v2.0'}, 'default_domain': 'default', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'timing': False, 'deferred_help': False, 'identity_api_version': '2', 'volume_api_version': '1', 'debug': True}
DEBUG: openstackclient.shell compute API version 2, cmd group openstack.compute.v2
DEBUG: openstackclient.shell network API version 2, cmd group openstack.network.v2
DEBUG: openstackclient.shell image API version 1, cmd group openstack.image.v1
DEBUG: openstackclient.shell volume API version 1, cmd group openstack.volume.v1
DEBUG: openstackclient.shell identity API version 2, cmd group openstack.identity.v2
DEBUG: openstackclient.shell object_store API version 1, cmd group openstack.object_store.v1
INFO: openstackclient.shell command: security group list -> openstackclient.compute.v2.security_group.ListSecurityGroup
DEBUG: openstackclient.api.auth Auth plugin osc_password selected
DEBUG: openstackclient.api.auth auth_type: osc_password
INFO: openstackclient.common.clientmanager Using auth plugin: osc_password
DEBUG: openstackclient.common.clientmanager Get auth_ref
DEBUG: keystoneclient.session REQ: curl -g -i -X GET https://public.de:4430/v2.0 -H "Accept: application/json" -H "User-Agent: python-openstackclient"
INFO: requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): public.de
DEBUG: requests.packages.urllib3.connectionpool "GET /v2.0 HTTP/1.1" 200 629
DEBUG: keystoneclient.session RESP: [200] content-length: 629 vary: X-Auth-Token keep-alive: timeout=5, max=100 connection: Keep...

Hi,

here a debug trace of what happens:

(openstack_clients)jklare@Jans-MacBook-Pro ~ $ openstack --debug security group list

DEBUG: openstackclient.shell options: Namespace(auth_type='', auth_url='https://public.de:4430/v2.0', cloud='', debug=True, deferred_help=False, domain_id='', domain_name='', endpoint='', insecure=None, log_file=None, os_cacert='', os_compute_api_version='2', os_default_domain='default', os_identity_api_version='2', os_image_api_version='1', os_n
etwork_api_version='2', os_object_api_version='1', os_project_id=None, os_project_name=None, os_volume_api_version='1', password='somepassword', project_domain_id='', project_domain_name='', project_id='', project_name='xion', region_name='RegionOne', timing=False, token='', trust_id='', url='', user_domain_id='', user_domain_name='', user_id='', username='j
.klare@x-ion.de', verbose_level=3, verify=None)
DEBUG: openstackclient.shell defaults: {'auth_type': 'osc_password', 'image_api_version': '1', 'compute_api_version': '2', 'database_api_version': '1.0', 'baremetal_api_version': '1', 'identity_api_version': '2', 'volume_api_version': '1', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'network_api_version': '2', 'object_api_version': '1'}
DEBUG: openstackclient.shell cloud cfg: {'auth_type': 'osc_password', 'compute_api_version': '2', 'database_api_version': '1.0', 'network_api_version': '2', 'object_api_version': '1', 'image_api_version': '1', 'verbose_level': 3, 'region_name': 'RegionOne', 'baremetal_api_version': '1', 'auth': {'username': 'j.klare@x-ion.de', 'password': 'somepassword', 'pr
oject_name': 'xion', 'auth_url': 'https://public.de:4430/v2.0'}, 'default_domain': 'default', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'timing': False, 'deferred_help': False, 'identity_api_version': '2', 'volume_api_version': '1', 'debug': True}
DEBUG: openstackclient.shell compute API version 2, cmd group openstack.compute.v2
DEBUG: openstackclient.shell network API version 2, cmd group openstack.network.v2
DEBUG: openstackclient.shell image API version 1, cmd group openstack.image.v1
DEBUG: openstackclient.shell volume API version 1, cmd group openstack.volume.v1
DEBUG: openstackclient.shell identity API version 2, cmd group openstack.identity.v2
DEBUG: openstackclient.shell object_store API version 1, cmd group openstack.object_store.v1
INFO: openstackclient.shell command: security group list -> openstackclient.compute.v2.security_group.ListSecurityGroup
DEBUG: openstackclient.api.auth Auth plugin osc_password selected
DEBUG: openstackclient.api.auth auth_type: osc_password
INFO: openstackclient.common.clientmanager Using auth plugin: osc_password
DEBUG: openstackclient.common.clientmanager Get auth_ref
DEBUG: keystoneclient.session REQ: curl -g -i -X GET https://public.de:4430/v2.0 -H "Accept: application/json" -H "User-Agent: python-openstackclient"
INFO: requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): public.de
DEBUG: requests.packages.urllib3.connectionpool "GET /v2.0 HTTP/1.1" 200 629
DEBUG: keystoneclient.session RESP: [200] content-length: 629 vary: X-Auth-Token keep-alive: timeout=5, max=100 connection: Keep-Alive date: Mon, 01 Jun 2015 13:03:54 GMT content-type: application/json
RESP BODY: {"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0", "links": [{"href": "https://public.de:4430/v2.0/", "rel": "self"}, {
"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/", "type": "text/html", "rel": "describedby"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf", "type": "application/pdf", "rel": "describedby"}]}}

DEBUG: keystoneclient.auth.identity.v2 Making authentication request to https://public.de:4430/v2.0/tokens
DEBUG: requests.packages.urllib3.connectionpool "POST /v2.0/tokens HTTP/1.1" 200 10774
DEBUG: openstackclient.compute.v2.security_group.ListSecurityGroup take_action(Namespace(all_projects=False, columns=[], formatter='table', max_width=0, quote_mode='nonnumeric'))
DEBUG: openstackclient.compute.client Instantiating compute client: <class 'novaclient.v2.client.Client'>
DEBUG: keystoneclient.auth.identity.v2 Making authentication request to https://public.de:4430/v2.0/tokens
DEBUG: requests.packages.urllib3.connectionpool "POST /v2.0/tokens HTTP/1.1" 200 10774
DEBUG: keystoneclient.session REQ: curl -g -i -X GET https://public.de:4434/v2/d573fe4fe3f5426fbcd212ca129a9e3e/os-security-groups -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: TOKEN"
INFO: requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): public.de
DEBUG: requests.packages.urllib3.connectionpool "GET /v2/d573fe4fe3f5426fbcd212ca129a9e3e/os-security-groups HTTP/1.1" 200 3287
DEBUG: keystoneclient.session RESP: [200] content-length: 3287 x-compute-request-id: req-45b3a65e-ef75-49dc-b659-3843e0f3ccd6 keep-alive: timeout=5, max=100 connection: Keep-Alive date: Mon, 01 Jun 2015 13:03:54 GMT content-type: application/json
RESP BODY: {"security_groups": [{"rules": [{"from_port": -1, "group": {}, "ip_protocol": "icmp", "to_port": -1, "parent_group_id": "735f1d59-63a4-4156-a8b7-8c725305b4f9", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "50c2001a-d693-42f0-b95b-1f2161d59d14"}, {"from_port": 1, "group": {}, "ip_protocol": "udp", "to_port": 65535, "parent_group_id": "735f1d59-63a4-4156-a8
b7-8c725305b4f9", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "72ad5d51-d7bd-4b6b-94cc-076551a21a5b"}, {"from_port": 1, "group": {}, "ip_protocol": "tcp", "to_port": 65535, "parent_group_id": "735f1d59-63a4-4156-a8b7-8c725305b4f9", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "fa396b1c-70c6-4d9f-a725-668addf0c9c4"}], "tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "id
": "735f1d59-63a4-4156-a8b7-8c725305b4f9", "name": "OoO", "description": "Openstack on Openstack"}, {"rules": [{"from_port": 80, "group": {}, "ip_protocol": "tcp", "to_port": 80, "parent_group_id": "93801a9a-6bb4-43c3-8621-a296a98b4a65", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "d0787b47-db4b-4d98-82fc-25f80176a7a9"}, {"from_port": 443, "group": {}, "ip_protocol
": "tcp", "to_port": 443, "parent_group_id": "93801a9a-6bb4-43c3-8621-a296a98b4a65", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "de6c1a56-1753-4c73-8c2f-55e697c823be"}], "tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "id": "93801a9a-6bb4-43c3-8621-a296a98b4a65", "name": "Webserver", "description": "Ports for Webserver"}, {"rules": [{"from_port": 5000, "group": {
}, "ip_protocol": "tcp", "to_port": 5000, "parent_group_id": "d53b46b6-77be-4ec7-a888-f88e7908e093", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "d7e7f22e-e25c-4060-99a0-385821213308"}], "tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "id": "d53b46b6-77be-4ec7-a888-f88e7908e093", "name": "coreostesting", "description": "opens some ports NOT SECURE AT ALL"}, {"rule
s": [{"from_port": 0, "group": {}, "ip_protocol": "icmp", "to_port": 0, "parent_group_id": "472097c6-790c-4f11-827c-ee9af97679af", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "44dee61a-dcff-488c-b50e-2aa882696f02"}, {"from_port": null, "group": {"tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_
id": "472097c6-790c-4f11-827c-ee9af97679af", "ip_range": {}, "id": "aa26a71c-3e21-4120-81e9-574c2d1cf883"}, {"from_port": null, "group": {"tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_id": "472097c6-790c-4f11-827c-ee9af97679af", "ip_range": {}, "id": "ab850511-b456-4a6c-8314-3262e17c4cbd"
}, {"from_port": 22, "group": {}, "ip_protocol": "tcp", "to_port": 22, "parent_group_id": "472097c6-790c-4f11-827c-ee9af97679af", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "bc15cad7-e647-4509-a823-f0ee580c5552"}], "tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "id": "472097c6-790c-4f11-827c-ee9af97679af", "name": "default", "description": "default"}, {"rules":
[{"from_port": 6743, "group": {}, "ip_protocol": "tcp", "to_port": 6743, "parent_group_id": "4e343552-359d-4045-b6b8-6966f93e3526", "ip_range": {"cidr": "0.0.0.0/0"}, "id": "4515615c-d5ca-4f16-a5ec-653d212e1fe5"}], "tenant_id": "d573fe4fe3f5426fbcd212ca129a9e3e", "id": "4e343552-359d-4045-b6b8-6966f93e3526", "name": "janssuperunsecurestuff", "description": "jans
superunsecurestuff"}]}

DEBUG: openstackclient.identity.client Instantiating identity client: <class 'openstackclient.identity.client.IdentityClientv2'>
DEBUG: keystoneclient.session REQ: curl -g -i -X GET https://internal.de:4431/ -H "Accept: application/json" -H "User-Agent: python-openstackclient"
INFO: requests.packages.urllib3.connectionpool Starting new HTTPS connection (1): internal.de
WARNING: keystoneclient.auth.identity.base Failed to contact the endpoint at https://internal.de:4431/v2.0 for discovery. Fallback to using that endpoint as the base url.
DEBUG: keystoneclient.session REQ: curl -g -i -X GET https://internal.de:4431/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: TOKEN"
INFO: requests.packages.urllib3.connectionpool Starting new HTTPS connection (2): internal.de
ERROR: openstack Unable to establish connection to https:/internal.de:4431/v2.0/tenants
Traceback (most recent call last):
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/cliff/app.py", line 310, in run_subcommand
    result = cmd.run(parsed_args)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/openstackclient/compute/v2/security_group.py", line 163, in take_action
    projects = self.app.client_manager.identity.projects.list()
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/v2_0/tenants.py", line 123, in list
    tenant_list = self._list('/tenants%s' % query, 'tenants')
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/base.py", line 113, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get
    return self.request(url, 'GET', **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 206, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 95, in request
    return self.session.request(url, method, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/utils.py", line 318, in inner
    return func(*args, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/session.py", line 382, in request
    resp = send(**kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/session.py", line 426, in _send_request
    raise exceptions.ConnectionRefused(msg)
ConnectionRefused: Unable to establish connection to https://internal.de:4431/v2.0/tenants
DEBUG: openstackclient.shell clean_up ListSecurityGroup: Unable to establish connection to https://internal.de:4431/v2.0/tenants
ERROR: openstackclient.shell Traceback (most recent call last):
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/openstackclient/shell.py", line 152, in run
    return super(OpenStackShell, self).run(argv)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/cliff/app.py", line 242, in run
    result = self.run_subcommand(remainder)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/cliff/app.py", line 310, in run_subcommand
    result = cmd.run(parsed_args)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/openstackclient/compute/v2/security_group.py", line 163, in take_action
    projects = self.app.client_manager.identity.projects.list()
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/v2_0/tenants.py", line 123, in list
    tenant_list = self._list('/tenants%s' % query, 'tenants')
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/base.py", line 113, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get
    return self.request(url, 'GET', **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 206, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/adapter.py", line 95, in request
    return self.session.request(url, method, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/utils.py", line 318, in inner
    return func(*args, **kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/session.py", line 382, in request
    resp = send(**kwargs)
  File "/Users/jklare/venvs/openstack_clients/lib/python2.7/site-packages/keystoneclient/session.py", line 426, in _send_request
    raise exceptions.ConnectionRefused(msg)
ConnectionRefused: Unable to establish connection to https://internal.de:4431/v2.0/tenants

(openstack_clients)jklare@Jans-MacBook-Pro ~ $

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-03: Fix merged to python-openstackclient (master)

#4

Reviewed: https://review.openstack.org/186385
Committed: https://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=b2cf651100b2a6dc1b934b86390eff94ef9f8fdc
Submitter: Jenkins
Branch: master

commit b2cf651100b2a6dc1b934b86390eff94ef9f8fdc
Author: TerryHowe <email address hidden>
Date: Thu May 28 07:27:24 2015 -0600

Fix security group list command

    Security group list command tries to get a project list and
    this may fail with a multitude of exceptions including but
    not limited to 401, 404, ConnectionRefused and EndpointNotFound.
    Rather than try to capture every possibility, this patch just
    catches the base class. Converting project ids to names is
    less important than having a working security group list command.

Change-Id: I68214d2680bad907f9d04ad3ca2f62cf3feee028
Closes-Bug: #1459629

Changed in python-openstackclient:
status:	In Progress → Fix Committed

Dean Troyer (dtroyer) on 2015-06-03

Changed in python-openstackclient:
milestone:	none → m12

Steve Martinelli (stevemar) on 2015-06-15

Changed in python-openstackclient:
importance:	Undecided → Medium
status:	Fix Committed → Fix Released

python-openstackclient

security group list always uses identity admin endpoint

Bug Description

Other bug subscribers

Remote bug watches