Juniper Openstack

contrail SSL enabled cluster: permission issue to access vnc_api_lib.ini

Bug #1613178 reported by Ignatious Johnson Christopher on 2016-08-15

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Committed	High	Ignatious Johnson Christopher	Juniper Openstack r3.1.1.0
Trunk	Fix Committed	High	Ignatious Johnson Christopher	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"

Bug Description

In contrail SSL enabled cluster, neutron user doesn't have permission to access /etc/contrail/vnc_api_lib.ini, due to which nova boot fails.

DEBUG (shell:905) Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
<class 'neutronclient.common.exceptions.InternalServerError'> (HTTP 500) (Request-ID: req-150773ff-b1a0-4686-b6ae-55975e841091)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 903, in main
    OpenStackComputeShell().main(argv)
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 830, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v2/shell.py", line 520, in do_boot
    server = cs.servers.create(*boot_args, **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 942, in create
    **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 540, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 169, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/adapter.py", line 176, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 93, in request
    raise exceptions.from_response(resp, body, url, method)
ClientException: Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
<class 'neutronclient.common.exceptions.InternalServerError'> (HTTP 500) (Request-ID: req-150773ff-b1a0-4686-b6ae-55975e841091)
ERROR (ClientException): Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
<class 'neutronclient.common.exceptions.InternalServerError'> (HTTP 500) (Request-ID: req-150773ff-b1a0-4686-b6ae-55975e841091)
root@a5s194:/opt/contrail/utils#

Tags:

Revision history for this message

Ignatious Johnson Christopher (ijohnson-x) wrote on 2016-08-15:

Workaround:
-------------

fab -R cfgm -- "usermod -a -G contrail neutron"
fab -R cfgm -- "service neutron-server restart"

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-25: [Review update] master

Review in progress for https://review.opencontrail.org/23591
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-30: A change has been merged

Reviewed: https://review.opencontrail.org/23591
Committed: http://github.org/Juniper/contrail-fabric-utils/commit/c184b2fe5f31ee1f475d4f51657e8b5f9ecaf624
Submitter: Zuul
Branch: master

commit c184b2fe5f31ee1f475d4f51657e8b5f9ecaf624
Author: Ignatious Johnson Christopher <email address hidden>
Date: Thu Aug 25 11:51:33 2016 -0700

copying the api server certs to openstack node for the heat to connect
to api-server.

Change-Id: Ib49b0cb139d6940e1985197693a6b48b221ccb86
Closes-Bug: 1613178
Closes-Bug: 1612826

Jeba Paulaiyan (jebap) on 2016-11-07

no longer affects:

juniperopenstack/r3.2

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-11-14: [Review update] R3.1

Review in progress for https://review.opencontrail.org/26057
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-11-15: A change has been merged

#11

Reviewed: https://review.opencontrail.org/26057
Committed: http://github.org/Juniper/contrail-fabric-utils/commit/9fafa7d4c32260532a6b991c2684134d1f9dff4c
Submitter: Zuul
Branch: R3.1

commit 9fafa7d4c32260532a6b991c2684134d1f9dff4c
Author: Ignatious Johnson Christopher <email address hidden>
Date: Thu Aug 25 11:51:33 2016 -0700

copying the api server certs to openstack node for the heat to connect
to api-server.

Change-Id: Ib49b0cb139d6940e1985197693a6b48b221ccb86
Closes-Bug: 1613178
Closes-Bug: 1612826
(cherry picked from commit c184b2fe5f31ee1f475d4f51657e8b5f9ecaf624)

Jeba Paulaiyan (jebap) on 2016-11-17

tags:

removed: releasenote

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.