Unable to authorize with keystone, fails to allocate floating IP
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Expired
|
Low
|
Unassigned | ||
OpenStack Nova Cloud Controller Charm |
Expired
|
Low
|
Unassigned | ||
keystone (Juju Charms Collection) |
Invalid
|
Low
|
Unassigned | ||
nova-cloud-controller (Juju Charms Collection) |
Invalid
|
Low
|
Unassigned |
Bug Description
This was found with a Landscape Autopilot openstack deployment in CI: https:/
Test configuration:
SERVER_PPA=trunk, OPENSTACK_
The deployment of the openstack cloud was successful, but a test to perform a juju bootstrap within that cloud failed. Bootstrap failed with an error that indicated that multiple floating IPs had been allocated for the bootstrap node, however, the error was traced back to nova-api-os-compute being unable to allocate any floating IPs:
[From landscape-
2016-09-13 13:24:59.957 68912 WARNING keystonemiddlew
2016-09-13 13:24:59.994 68912 WARNING keystonemiddlew
2016-09-13 13:25:06.184 68913 WARNING nova.api.
2016-09-13 13:25:09.950 68911 ERROR nova.network.
...
Traceback
...
2016-09-13 13:25:09.955 68911 ERROR nova.api.
It's unclear to me how the nova instance didn't have the proper credentials to authenticate. I've attached logs from the keystone and nova-cloud-
tags: | removed: kanban-cross-team |
Changed in charm-keystone: | |
importance: | Undecided → Low |
status: | New → Incomplete |
Changed in keystone (Juju Charms Collection): | |
status: | Incomplete → Invalid |
Changed in charm-nova-cloud-controller: | |
importance: | Undecided → Low |
status: | New → Incomplete |
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | Incomplete → Invalid |
I hit this exact failure. Restarting all apache2 services on all keystone units fixed it. The weird thing is, keystone/2 was constantly erroring like this:
(keystone. common. wsgi): 2016-12-16 21:58:55,700 WARNING Authorization failed. The request you have made requires authentication. from 10.5.1.76 common. controller) : 2016-12-16 21:59:08,183 WARNING RBAC: Bypassing authorization common. wsgi): 2016-12-16 21:59:08,188 WARNING Could not find token: e1ab5fc118354ed bad22a541a1ad4f f4 common. wsgi): 2016-12-16 21:59:25,725 WARNING Authorization failed. The request you have made requires authentication. from 10.5.1.76 common. wsgi): 2016-12-16 21:59:55,742 WARNING Authorization failed. The request you have made requires authentication. from 10.5.1.76 common. controller) : 2016-12-16 22:00:03,301 WARNING RBAC: Bypassing authorization
(keystone.
(keystone.
(keystone.
(keystone.
(keystone.
*BUT*
10.5.1.76 is actually keystone/0. That IP address was the only error in the logs. I'll attach logs from the keystone units.