OpenStack Dashboard (Horizon)

Horizon gating on dsvm-integration job is broken due to recent changes in devstack/keystone

Bug #1585682 reported by Timur Sufiev
42
This bug affects 8 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Critical
Timur Sufiev
OpenStack Dashboard (Horizon) newton-1 "n1"
OpenStack Identity (keystone)
Invalid
Undecided
Unassigned
django-openstack-auth
Fix Released
Critical
Timur Sufiev

Bug Description

More importantly, Horizon in devstack is broken too due to the inability to get list of projects / switch the current project for a user, see

DEBUG:keystoneauth.session:Request returned failure status: 404
Unable to retrieve project list.
Traceback (most recent call last):
  File "/home/tsufiev/develop/django_openstack_auth/openstack_auth/user.py", line 314, in authorized_tenants
    is_federated=self.is_federated)
  File "/home/tsufiev/develop/django_openstack_auth/openstack_auth/utils.py", line 325, in get_project_list
    projects = client.projects.list(user=kwargs.get('user_id'))
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneclient/v3/projects.py", line 107, in list
    **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneclient/base.py", line 75, in func
    return f(*args, **new_kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneclient/base.py", line 383, in list
    self.collection_key)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
    return self.request(url, 'GET', **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 330, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 98, in request
    return self.session.request(url, method, **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/home/tsufiev/develop/horizon/.venv/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 468, in request
    raise exceptions.from_response(resp, method, url)
NotFound: The resource could not be found. (HTTP 404)

Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

The Keystone endpoint url Horizon is using is http://<hostip>:5000/v3, then a request is made to http://<hostip>/identity/users/<userid>/projects to return project list which results in Http404

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

When did this start happening? can you provide a logstash query to show?

Thanks!

Changed in keystone:
status: New → Incomplete
Revision history for this message
Lin Hua Cheng (lin-hua-cheng) wrote :

The issue is related to the issue Matt reported in: http://lists.openstack.org/pipermail/openstack-dev/2016-February/086852.html

Revision history for this message
Lin Hua Cheng (lin-hua-cheng) wrote :

weird, I would expect this patch https://github.com/openstack/django_openstack_auth/commit/e008112d0f964b00bd5cb633262365ebc7f9395b would have fixed this issue.

Revision history for this message
Lin Hua Cheng (lin-hua-cheng) wrote :

my bad, didn't notice that it is trying to hit "/identity" might be a different issue.

Revision history for this message
Lin Hua Cheng (lin-hua-cheng) wrote :

the right url horizon should be hitting should be: http://<hostip>/identity/v3/users/<userid>/

Revision history for this message
Rob Cresswell (robcresswell-deactivatedaccount) wrote :

Two potentially relevant devstack commits:
https://review.openstack.org/#/c/193894/
https://review.openstack.org/#/c/312238/

I've not investigated either yet, but at first glance they seem related. It's unclear to me whether one of the patches has missed something, or whether its just exposed a problem with the URL Horizon is configured to hit.

Revision history for this message
Rob Cresswell (robcresswell-deactivatedaccount) wrote :

A clean revert of https://review.openstack.org/#/c/193894/ got my env working again (or it coincidentally worked once)

Rob Cresswell (robcresswell-deactivatedaccount)
Changed in horizon:
assignee: nobody → Rob Cresswell (robcresswell)
milestone: none → newton-1
Revision history for this message
Samuel de Medeiros Queiroz (samueldmq) wrote :

As pointed out by Lin, the URL is missing a '/v3' in it.

It should be 'http://<hostip>/identity/v3/users/<userid>/projects' rather than 'http://<hostip>/identity/users/<userid>/projects'

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/321640

Changed in horizon:
assignee: Rob Cresswell (robcresswell) → Timur Sufiev (tsufiev-x)
status: New → In Progress
Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

Not a keystone bug actually. The proper fix consists of updating fix_auth_url_version() in openstack_auth.utils and reusing this function in openstack_dashboard.api.keystone.

Changed in keystone:
status: Incomplete → Invalid
Changed in django-openstack-auth:
assignee: nobody → Timur Sufiev (tsufiev-x)
importance: Undecided → Critical
Revision history for this message
Timur Sufiev (tsufiev-x) wrote :

Here is a patch to django_openstack_auth: https://review.openstack.org/#/c/321639

OpenStack Infra (hudson-openstack)
Changed in django-openstack-auth:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/321639
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=405cb08207cf87145975d534634165caa701c92b
Submitter: Jenkins
Branch: master

commit 405cb08207cf87145975d534634165caa701c92b
Author: Timur Sufiev <email address hidden>
Date: Thu May 26 19:07:36 2016 +0300

    Fix Keystone url version suffix when webpath is present

    There was a false assumption within utils.fix_auth_url_version()
    routine that everything that goes after hostname:port part of Keystone
    auth_url is could be only version suffix. Once '/identity' webpath was
    enabled in Keystone Apache configuration in Devstack by default, the
    falsehood was exposed and broken all integration tests. This is fixed.

    While debugging fix_auth_url_version() I noticed another side-effect
    of the fix: Horizon no longer needs to specify version suffix inside
    OPENSTACK_KEYSTONE_URL setting, the fixed function works perfectly
    without it. This will be mentioned in release notes for the dependent
    Horizon patch.

    Partial-Bug: #1585682
    Needed-By: Icebfc291ec2b06ed84934c75cfd8c9d91cb2a895
    Change-Id: Iea9b8e8378e6c5fb4c60df0073968d8caf7fbc5e

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/321640
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=caa5e910598707d2cfc56faedb6dff97c574e50c
Submitter: Jenkins
Branch: master

commit caa5e910598707d2cfc56faedb6dff97c574e50c
Author: Timur Sufiev <email address hidden>
Date: Thu May 26 19:09:51 2016 +0300

    Fix Keystone version suffix when Keystone webpath is present

    In this patch the URLs that are coming from service catalog are fixed
    to contain the proper version.

    Update requirements.txt in the same commit, because otherwise
    integration tests won't pass for OpenStack Proposal Bot commit which
    should update DOA version.

    Closes-Bug: #1585682
    Depends-On: Iea9b8e8378e6c5fb4c60df0073968d8caf7fbc5e
    Change-Id: Icebfc291ec2b06ed84934c75cfd8c9d91cb2a895

Changed in horizon:
status: In Progress → Fix Released
Timur Sufiev (tsufiev-x)
Changed in django-openstack-auth:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to django_openstack_auth (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/323785

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/323787

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/horizon 10.0.0.0b1

This issue was fixed in the openstack/horizon 10.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (stable/mitaka)

Reviewed: https://review.openstack.org/323785
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=932ca49e769980043996f5872c6513d9fc68bb48
Submitter: Jenkins
Branch: stable/mitaka

commit 932ca49e769980043996f5872c6513d9fc68bb48
Author: Timur Sufiev <email address hidden>
Date: Thu May 26 19:07:36 2016 +0300

    Fix Keystone url version suffix when webpath is present

    There was a false assumption within utils.fix_auth_url_version()
    routine that everything that goes after hostname:port part of Keystone
    auth_url is could be only version suffix. Once '/identity' webpath was
    enabled in Keystone Apache configuration in Devstack by default, the
    falsehood was exposed and broken all integration tests. This is fixed.

    While debugging fix_auth_url_version() I noticed another side-effect
    of the fix: Horizon no longer needs to specify version suffix inside
    OPENSTACK_KEYSTONE_URL setting, the fixed function works perfectly
    without it. This will be mentioned in release notes for the dependent
    Horizon patch.

    Partial-Bug: #1585682
    Needed-By: Icebfc291ec2b06ed84934c75cfd8c9d91cb2a895
    Change-Id: Iea9b8e8378e6c5fb4c60df0073968d8caf7fbc5e
    (cherry picked from commit 405cb08207cf87145975d534634165caa701c92b)

tags: added: in-stable-mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on horizon (stable/mitaka)

Change abandoned by Timur Sufiev (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/323787

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.