Juniper Openstack

keystone v3 :: domains are not shown under identity tab in horizon.

Bug #1605466 reported by Ritam Gangopadhyay on 2016-07-22

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Released	Medium	Ritam Gangopadhyay	Juniper Openstack r3.1.0.0-fcs
Trunk	New	Medium	Ritam Gangopadhyay

Bug Description

Though domain creation using curl api call passes but domain tab is missing under the identity tab in the horizon page.

screen shot attached.

Try this login - http://10.204.221.17/horizon

username admin
password contrail123
domain default

Tags:

Revision history for this message

Ritam Gangopadhyay (ritam) wrote on 2016-07-22:

screen.png Edit (98.4 KiB, image/png)

Ritam Gangopadhyay (ritam) on 2016-07-22

tags:

added: blocker

Revision history for this message

Rahul (rahuls) wrote on 2016-07-25:

Please check OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT in horizon conf file.

Revision history for this message

Ritam Gangopadhyay (ritam) wrote on 2016-07-25:

Please take a look at the single node setup nodeb2.

root@nodeb2:~# grep -rn "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT" /etc/
/etc/openstack-dashboard/local_settings.py:62:OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
root@nodeb2:~#

Jeba Paulaiyan (jebap) on 2016-07-25

tags:

added: keystonev3

Revision history for this message

Rahul (rahuls) wrote on 2016-07-27:

Mitaka only?

How is the admin user setup in this particular node? After commenting out following I see the domain page, domain_token is not found for this credential:

        request = context['request']
        domain_token = request.session.get('domain_token')
        #return super(Domains, self).can_access(context) and domain_token
        return super(Domains, self).can_access(context)

Revision history for this message

Rahul (rahuls) wrote on 2016-07-28:

Spent some more time on this, domain token is not seen in authentication.

This setup is missing following in policy files and once its enabled the domain id isn't seen and none of project_list operations work. So maybe more conf settings need to be changed here.

https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow#keystone_v3

Snip.....
=================================================

You can start testing with the default /etc/keystone/policy.json file but at some point you will want to switch in the following file: https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json

Change the following line in the policy.v3cloudsample.json and swap it with the /etc/keystone/policy.json Remember: He who laughs last had a backup!

old:
...
"cloud_admin": "rule:admin_required and domain_id:admin_domain_id",
...

new:
...
# use 'default' or whatever your cloud admin domain id is
"cloud_admin": "rule:admin_required and domain_id:default",
...

===========================================================

In our setups we aren't adding "... and domain_id:default"

Revision history for this message

Rahul (rahuls) wrote on 2016-07-29:

Ritam to have a setup with domain:id default in policy files.

Rahul (rahuls) on 2016-08-03

tags:

added: releasenote

Sudheendra Rao (sudheendra-k) on 2016-08-03

information type:

Proprietary → Public

Revision history for this message

Rahul (rahuls) wrote on 2016-08-04:

Following patch can help when domain token is not found:

root@nodea16:/usr/share/openstack-dashboard/openstack_dashboard/dashboards/identity/domains# diff -ruN panel.py panel.orig
--- panel.py 2016-08-04 13:04:42.777537612 +0530
+++ panel.orig 2016-08-04 13:04:15.360639419 +0530
@@ -35,4 +35,4 @@

request = context['request']
domain_token = request.session.get('domain_token')
- return super(Domains, self).can_access(context)
+ return super(Domains, self).can_access(context) and domain_token

Revision history for this message

Rahul (rahuls) wrote on 2016-08-04:

Discard above comment.

Following patch can help when domain token is not found:

root@nodea16:/usr/share/openstack-dashboard/openstack_dashboard/dashboards/identity/domains# diff -ruN panel.orig panel.py
--- panel.orig 2016-08-04 13:04:15.360639419 +0530
+++ panel.py 2016-08-04 13:04:42.777537612 +0530
@@ -35,4 +35,4 @@

request = context['request']
domain_token = request.session.get('domain_token')
- return super(Domains, self).can_access(context) and domain_token
+ return super(Domains, self).can_access(context)