OpenStack Heat

Can't create ceilometer alarm if enable re-auth: Expecting to find domain in project

Bug #1531406 reported by huangtianhua
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
High
huangtianhua
OpenStack Heat mitaka-rc1 "RC1"

Bug Description

1. set conf 'reauthentication_auth_method = trusts'
2. create a stack with ceilometer alarm
3. the stack create failed, the reason: BadRequest: Expecting to find domain in project

The bug #1529058 fix one this problem if disable re-auth.
I think first step to fix this is to store the user_domain and project_domain for trust context.

huangtianhua (huangtianhua)
Changed in heat:
assignee: nobody → huangtianhua (huangtianhua)
importance: Undecided → High
summary: - Can't create ceilometer alarm if enable re-auth
+ Can't create ceilometer alarm if enable re-auth: Expecting to find
+ domain in project
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/264537

Changed in heat:
status: New → In Progress
huangtianhua (huangtianhua)
Changed in heat:
milestone: none → mitaka-3
Peter Razumovsky (prazumovsky)
Changed in heat:
milestone: mitaka-3 → mitaka-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/264537
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=20214477c80759836b10d1ae45d16d404b077463
Submitter: Jenkins
Branch: master

commit 20214477c80759836b10d1ae45d16d404b077463
Author: huangtianhua <email address hidden>
Date: Thu Jan 7 11:04:54 2016 +0800

    Make sure create ceilometer alarm successful

    If enable re-auth, we will use the stored context
    instead of request context, then we can't create
    ceilometer alarm resource. There are two problems
    when create ceilometer client:
    1. the stored context has no domain info, an error
    raised from keystone: BadRequest: Expecting to find
    domain in project. So this patch will retrive the
    user/project domain ids from the auth_ref.
    2. after fix the first problem, then another error
    raised from keystone: Forbidden: You are not authorized
    to perform the requested action. Due keystone doesn't
    allow to create a token by a trust-scoped token when
    get aodh endpoint. So this patch will pass 'aodh_endpoint'
    to ceilometer client to avoid this.

    Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6
    Closes-Bug: #1531406

Changed in heat:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/heat 6.0.0.0rc1

This issue was fixed in the openstack/heat 6.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/326405

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (stable/liberty)

Reviewed: https://review.openstack.org/326405
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=0e07b6d36ed541e89dc763ca014fe9d4322c5e35
Submitter: Jenkins
Branch: stable/liberty

commit 0e07b6d36ed541e89dc763ca014fe9d4322c5e35
Author: huangtianhua <email address hidden>
Date: Thu Jan 7 11:04:54 2016 +0800

    Make sure create ceilometer alarm successful

    If enable re-auth, we will use the stored context
    instead of request context, then we can't create
    ceilometer alarm resource. There are two problems
    when create ceilometer client:
    1. the stored context has no domain info, an error
    raised from keystone: BadRequest: Expecting to find
    domain in project. So this patch will retrive the
    user/project domain ids from the auth_ref.
    2. after fix the first problem, then another error
    raised from keystone: Forbidden: You are not authorized
    to perform the requested action. Due keystone doesn't
    allow to create a token by a trust-scoped token when
    get aodh endpoint. So this patch will pass 'aodh_endpoint'
    to ceilometer client to avoid this.

    Closes-Bug: #1531406
    (cherry picked from commit 20214477c80759836b10d1ae45d16d404b077463)

    Conflicts:
     heat/engine/clients/os/ceilometer.py

    Change-Id: I44ed5c10b6dec6f39714f4f74cf51a10ef6104a6

tags: added: in-stable-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/327716

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (stable/liberty)

Reviewed: https://review.openstack.org/327716
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=f2b45776090463a417eeca98db4a6fa55ba0f64b
Submitter: Jenkins
Branch: stable/liberty

commit f2b45776090463a417eeca98db4a6fa55ba0f64b
Author: huangtianhua <email address hidden>
Date: Thu Jan 7 11:04:54 2016 +0800

    Make sure create ceilometer alarm successful

    If enable re-auth, we will use the stored context
    instead of request context, then we can't create
    ceilometer alarm resource. There are two problems
    when create ceilometer client:
    1. the stored context has no domain info, an error
    raised from keystone: BadRequest: Expecting to find
    domain in project. So this patch will retrive the
    user/project domain ids from the auth_ref.
    2. after fix the first problem, then another error
    raised from keystone: Forbidden: You are not authorized
    to perform the requested action. Due keystone doesn't
    allow to create a token by a trust-scoped token when
    get aodh endpoint. So this patch will pass 'aodh_endpoint'
    to ceilometer client to avoid this.
    Also we need to pass metering endpoint as `aodh_endpoint`,
    because there is no separate alarming endpoint in liberty
    ceilometer.

    Closes-Bug: #1531406
    (cherry picked from commit 20214477c80759836b10d1ae45d16d404b077463)

    Conflicts:
     heat/engine/clients/os/ceilometer.py

    Change-Id: I027872cb453139cea4b6f3ec12e3f7f11049752e

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/heat 5.0.2

This issue was fixed in the openstack/heat 5.0.2 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.