Fuel for OpenStack

Heat::keystone::domain is lacking tenant_name

Bug #1468795 reported by Nikita Koshikov on 2015-06-25

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	High	Ivan Berezovskiy	Fuel for OpenStack 7.0
	Mirantis OpenStack	Invalid	High	MOS Heat	Mirantis OpenStack 7.0

Bug Description

In our heat task we use class heat::keystone::domain that invokes:

$cmd_evn = [
    "OS_USERNAME=${keystone_admin}",
    "OS_PASSWORD=${keystone_password}",
    "OS_AUTH_URL=${auth_url}",
    "HEAT_DOMAIN=${domain_name}",
    "HEAT_DOMAIN_ADMIN=${domain_admin}",
    "HEAT_DOMAIN_PASSWORD=${domain_password}"
  ]
  exec { 'heat_domain_create':
    path => '/usr/bin',
    command => 'heat-keystone-setup-domain &>/dev/null',
    environment => $cmd_evn,
    require => Package['heat-common'],
    tries => 10,
    try_sleep => 3
  }

The problem appear when we using keystone + LDAP database for users. heat-keystone-setup-domain ask for token - but do not pass project_name. If we use sql - keystone will pass default value, but for LDAP this doesn't work and require explicit project_name - when requesting token.
Upstream code added support for tenant_name in this commit https://github.com/openstack/heat/commit/501ae172d05c58654bc0c988bc0277a866c235d9.

So we need repack our heat package and sync puppet heat manifest with upstream.
Pupet fix was introduce in this commit https://github.com/openstack/puppet-heat/commit/c280fa550114744adb0b572982c0820ace9b207b

This is latest(GA fuel 6.1 version.

Tags:

Bartłomiej Piotrowski (bpiotrowski) on 2015-06-26

Changed in fuel:
milestone:	none → 7.0
Changed in mos:
milestone:	none → 7.0
assignee:	nobody → MOS Heat (mos-heat)
importance:	Undecided → High
status:	New → Confirmed
Changed in fuel:
status:	New → Triaged
Changed in mos:
status:	Confirmed → Triaged
Changed in fuel:
importance:	Undecided → High
assignee:	nobody → Bartlomiej Piotrowski (bpiotrowski)

Revision history for this message

Bartłomiej Piotrowski (bpiotrowski) wrote on 2015-06-26:

#1

Fix is included in upstream module merge that's on review: https://review.openstack.org/#/c/192714/

Changed in fuel:
assignee:	Bartlomiej Piotrowski (bpiotrowski) → MOS Deployment Team (mos-deployment)
status:	Triaged → In Progress

Ivan Berezovskiy (iberezovskiy) on 2015-06-26

Changed in fuel:
assignee:	MOS Deployment Team (mos-deployment) → Ivan Berezovskiy (iberezovskiy)

Revision history for this message

Sergey Kraynev (skraynev) wrote on 2015-07-01:

#2

According to the bug description this bug affects only Fuel part, so on MOS side bug can be marked as Invalid

Changed in mos:
status:	Triaged → Invalid

Revision history for this message

Bartłomiej Piotrowski (bpiotrowski) wrote on 2015-07-06:

#3

Sergey, this is not true. The bug is valid in both projects, as commit mentioned by Nikita is not present in Heat we ship.

Changed in mos:
status:	Invalid → Confirmed

Revision history for this message

Bartłomiej Piotrowski (bpiotrowski) wrote on 2015-07-06:

#4

Indeed invalid as 7.0 aims for Kilo.

Changed in mos:
status:	Confirmed → Invalid

Ivan Berezovskiy (iberezovskiy) on 2015-07-17

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

Anastasia Kuznetsova (akuznetsova) wrote on 2015-09-08:

#5

Verified on ISO 286

Steps to verify:
root@node-2:~# dpkg -l | grep heat
ii heat-api 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - ReST API
ii heat-api-cfn 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - CFN API
ii heat-api-cloudwatch 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - CloudWatch API
ii heat-common 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - common files
ii heat-docker 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service docker resource
ii heat-engine 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - engine
ii python-heat 2015.1.1-1~u14.04+mos7060 all OpenStack orchestration service - Python files
ii python-heatclient 0.4.0-1~u14.04+mos403 all client library and CLI for OpenStack Heat

root@node-2:~# cat /etc/puppet/modules/heat/manifests/keystone/domain.pp | grep -C 10 TENANT_NAME
  $keystone_password = undef,
  $keystone_tenant = undef,
  $domain_name = 'heat',
  $domain_admin = 'heat_admin',
  $domain_password = 'changeme',
) {

include ::heat::params

  $cmd_evn = [
    "OS_TENANT_NAME=${keystone_tenant}",
    "OS_USERNAME=${keystone_admin}",
    "OS_PASSWORD=${keystone_password}",
    "OS_AUTH_URL=${auth_url}",
    "HEAT_DOMAIN=${domain_name}",
    "HEAT_DOMAIN_ADMIN=${domain_admin}",
    "HEAT_DOMAIN_PASSWORD=${domain_password}"
  ]
  exec { 'heat_domain_create':
    path => '/usr/bin',
    command => 'heat-keystone-setup-domain',

Changed in fuel:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.