Juju Charms Collection
ceph-radosgw package

Cannot create relation between ceph-radosgw and keystone charms

Bug #1542074 reported by Mike Deats
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ceph-radosgw (Juju Charms Collection)
Fix Released
High
Edward Hope-Morley
Juju Charms Collection 16.07

Bug Description

Using Ubuntu 14.04 LTS with the Openstack Liberty release (openstack-origin: "cloud:trusty-liberty"), I get the following error when trying to add the relation between ceph-radosgw and keystone. Note that both charms are running as LXC containers:

2016-02-04 22:55:17 DEBUG juju-log identity-service:48: Updating ca cert from keystone
2016-02-04 22:55:17 INFO identity-service-relation-changed Traceback (most recent call last):
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/identity-service-relation-changed", line 446, in <module>
2016-02-04 22:55:17 INFO identity-service-relation-changed hooks.execute(sys.argv)
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/charmhelpers/core/hookenv.py", line 717, in execute
2016-02-04 22:55:17 INFO identity-service-relation-changed self._hooks[hook_name]()
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/charmhelpers/core/host.py", line 397, in wrapped_f
2016-02-04 22:55:17 INFO identity-service-relation-changed f(*args, **kwargs)
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/identity-service-relation-changed", line 366, in identity_changed
2016-02-04 22:55:17 INFO identity-service-relation-changed identity_joined(relid)
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/identity-service-relation-changed", line 360, in identity_joined
2016-02-04 22:55:17 INFO identity-service-relation-changed setup_keystone_certs()
2016-02-04 22:55:17 INFO identity-service-relation-changed File "/var/lib/juju/agents/unit-ceph-radosgw-0/charm/hooks/identity-service-relation-changed", line 240, in setup_keystone_certs
2016-02-04 22:55:17 INFO identity-service-relation-changed fd.write(ca_cert)
2016-02-04 22:55:17 INFO identity-service-relation-changed UnicodeEncodeError: 'ascii' codec can't encode characters in position 1226-1228: ordinal not in range(128)
2016-02-04 22:55:17 INFO juju.worker.uniter.context context.go:579 handling reboot
2016-02-04 22:55:17 ERROR juju.worker.uniter.operation runhook.go:107 hook "identity-service-relation-changed" failed: exit status 1
2016-02-04 22:55:17 DEBUG juju.worker.uniter modes.go:31 [AGENT-STATUS] failed: clear resolved flag and run relation-changed (48; keystone/0) hook
2016-02-04 22:55:17 DEBUG juju.worker.uniter modes.go:31 [AGENT-STATUS] error: hook failed: "identity-service-relation-changed"

Tags: openstack sts
Revision history for this message
Mike Deats (mikedeats) wrote :

After some investigation, it looks like ceph was trying to use the HTTP proxy when contacting Keystone. Adding the Keystone IP to the no-proxy variable fixed the problem.

Revision history for this message
Edward Hope-Morley (hopem) wrote :

Hi Mike, thanks for raising this bug. The problem you are hitting appears to be that the identity relation hook has failed due to ca_cert containing unexpected unicode characters thus causing python to fail when it tries to encode as a string using str(). This is simple enough to fix and I'll get it queued up. In the meantime can you please tell me the what version of Ubuntu and what version of Openstack this is?

Changed in ceph-radosgw (Juju Charms Collection):
milestone: none → 16.04
importance: Undecided → High
tags: added: openstack sts
Revision history for this message
Mike Deats (mikedeats) wrote :

Ubuntu 14.04, Openstack Liberty

James Page (james-page)
Changed in ceph-radosgw (Juju Charms Collection):
milestone: 16.04 → 16.07
Edward Hope-Morley (hopem)
Changed in ceph-radosgw (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-ceph-radosgw (master)

Fix proposed to branch: master
Review: https://review.openstack.org/314063

Changed in ceph-radosgw (Juju Charms Collection):
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ceph-radosgw (master)

Reviewed: https://review.openstack.org/314063
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-radosgw/commit/?id=fea65c36409e71314881775012e27aba6666698b
Submitter: Jenkins
Branch: master

commit fea65c36409e71314881775012e27aba6666698b
Author: Edward Hope-Morley <email address hidden>
Date: Mon May 9 12:41:21 2016 +0100

    Guard against invalid cert returned from keystone

    Sometimes keystone returns invalid string data when doing a
    GET for SSL certs during setup phases so we now check
    returned data and ignore if invalid. Also perform some
    code cleanup around cert management and add unit tests.

    Closes-Bug: 1542074
    Change-Id: I6c28f540d902296cfd83a99f4e052ba8b2771e9e

Changed in ceph-radosgw (Juju Charms Collection):
status: In Progress → Fix Committed
Liam Young (gnuoy)
Changed in ceph-radosgw (Juju Charms Collection):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.