Mirantis OpenStack

Heat doesn't pass user/password to services

Bug #1483841 reported by Leontii Istomin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Fix Released
High
Oleksii Chuprykov
Mirantis OpenStack 7.0
7.0.x
Won't Fix
High
MOS Maintenance
Mirantis OpenStack 7.0
8.0.x
Fix Released
High
Oleksii Chuprykov
Mirantis OpenStack 8.0

Bug Description

In case when we try to create/delete big Heat stack we can face with issue when keystone token expires and action become to failed state. At the moment (build 7.0-98) we have token expiration time equals to 1 hour. Actions with Heat stacks which take more than 1 hour fails.

We can use "trust" keystone feature to avoid this behavior.

Leontii Istomin (listomin)
Changed in mos:
status: New → Opinion
Dina Belova (dbelova)
Changed in mos:
importance: Undecided → High
Dina Belova (dbelova)
Changed in mos:
status: Opinion → Confirmed
tags: added: heat murano sahara
Revision history for this message
Sergey Kraynev (skraynev) wrote :

We have a same bug in community: https://bugs.launchpad.net/heat/+bug/1306294

I discussed it with Steven, who responsible to fix it. He promised to finish it in Liberty release.
Unfortunately it's mostly depends on code, which was merged in keystone and heat during L release, and it's quite difficult backport to Kilo.

So I'd suggest to move it to MOS 8.0.
For MOS 7.0 I see two possible solution:
 - mark it as Won't Fix and constantly increase token lifetime for scale testing
 - add patch to puppets with constant increasing this ^ option.

Note, that this approach is implemented in Tripleo project (token expiration time is 4 hour for them)

Dina, I need your answer about preferable solution?

Changed in mos:
assignee: Peter Razumovsky (prazumovsky) → Dina Belova (dbelova)
Revision history for this message
Sergey Kraynev (skraynev) wrote :

So after discussion it with Dina. We decided to add it to release notes with explanation, what should be done for creating stacks which requires more than 1 hour. And do not add any patches for puppets with changing token lifetime.

Changed in mos:
assignee: Dina Belova (dbelova) → Sergey Kraynev (skraynev)
tags: added: release-notes
Changed in mos:
status: Confirmed → Won't Fix
Revision history for this message
Sergey Kraynev (skraynev) wrote :

Also I marked this bug as Won't Fix.
If solution in community will be possible to port to Kilo, I will re-open it

Olena Logvinova (ologvinova)
tags: added: done
Alexander Adamov (aadamov)
tags: added: release-notes-done
removed: release-notes
Olena Logvinova (ologvinova)
tags: removed: done
Olena Logvinova (ologvinova)
tags: added: rn7.0
Revision history for this message
Sergey Kraynev (skraynev) wrote :

Patch with potential fix https://review.openstack.org/#/c/226384/
Need to check it on scale lab with mentioned in bug description scenario.

Revision history for this message
Oleksii Chuprykov (ochuprykov) wrote :

Need ISO for MOS 8.0 for fixing it.

Revision history for this message
Oleksii Chuprykov (ochuprykov) wrote :

Merged in upstream master: https://review.openstack.org/#/c/226384/ . Merged patch in mos https://review.fuel-infra.org/#/c/14365/ , merge sync here https://review.fuel-infra.org/#/c/14516/ . Verified in MOS 8.0. Also there is bug in MOS Keystone with using fernet tokens that breaks reauth: https://bugs.launchpad.net/mos/+bug/1525848 .

Revision history for this message
Sergey Kraynev (skraynev) wrote :

Note for previous comment:
Bug in keystone was fixed in upstream. There is a patch on review in MOS:
https://review.fuel-infra.org/#/c/14714/

Anastasia Kuznetsova (akuznetsova)
tags: added: area-heat
removed: heat
Revision history for this message
Evgeny Sikachev (esikachev) wrote :

verified on 200 nodes scale. iso 482

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.