contail-api couldn't list domains using project scope auth
Bug #1724691 reported by
Ignatious Johnson Christopher
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.2 |
Fix Committed
|
Medium
|
Ignatious Johnson Christopher | |||
R4.0 |
Fix Committed
|
Medium
|
Ignatious Johnson Christopher | |||
R4.1 |
Fix Committed
|
Medium
|
Ignatious Johnson Christopher | |||
Trunk |
Fix Committed
|
Medium
|
Ignatious Johnson Christopher |
Bug Description
contail-api couldn't list domains when using Keystone v3 with project scope auth
contrail-status
----------------
contrail-api:0 initializing (Generic Connection:
Project scoped auth don't have access to list-projects and list-domains.
Api-server do list-domains during initialization.
So when project scoped auth parameters are used in contrail- keystone- auth.conf api-server is in initializing state.
Solutions:
1. Use domain scope auth parameters in contrail- keystone- auth.conf instead of project scope.
contrail- keystone- auth.conf ------- ------- ------- - /keystoneIp: 35357/v3 <keystoneIp> c0ntrail123 name=admin servers= 127.0.0. 1:11211 /etc/contrail/ ssl/certs/ keystone. pem /etc/contrail/ ssl/certs/ keystone. pem /etc/contrail/ ssl/certs/ keystone_ ca.pem
-------
[KEYSTONE]
auth_url=https:/
auth_host=
auth_protocol=https
auth_port=35357
admin_user=admin
admin_password=
admin_tenant_
memcache_
insecure=False
certfile=
keyfile=
cafile=
auth_type = password
user_domain_name = Default
domain_name = Default <<<<<<<<< Domain scope auth
2. Use project scoped auth parameters in contrail- keystone- auth.conf, also set admin_project_name and admin_project_ domain_ name in [resource] section of keystone.conf
contrail- keystone- auth.conf ------- ------- ------- - /keystoneIp: 35357/v3 <keystoneIp> c0ntrail123 name=admin servers= 127.0.0. 1:11211 /etc/contrail/ ssl/certs/ keystone. pem /etc/contrail/ ssl/certs/ keystone. pem /etc/contrail/ ssl/certs/ keystone_ ca.pem
-------
[KEYSTONE]
auth_url=https:/
auth_host=
auth_protocol=https
auth_port=35357
admin_user=admin
admin_password=
admin_tenant_
memcache_
insecure=False
certfile=
keyfile=
cafile=
auth_type = password
user_domain_name = Default
project_domain_name = Default <<<<< Project scope auth
keystone.conf domain_ name = Default <<<<<
---------------
[resource]
admin_project_
#admin_project_name = admin <<<<<