Heat stack delete failing on invalidToken exception during _delete_credentials
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
New
|
Undecided
|
Unassigned | ||
OpenStack Heat Charm |
Invalid
|
Undecided
|
Unassigned |
Bug Description
We have a site where we are having a failure to delete a heat stack due to an issue with the heat credentials store in the database.
Traceback of the failure looks like this:
2018-06-11 22:45:58.839 267852 INFO heat.engine.stack [-] Stack DELETE FAILED (CBAM-ec2d9576f
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service [-] Unhandled error in asynchronous task
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service Traceback (most recent call last):
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service gt.wait()
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return self._exit_
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service current.
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service result = function(*args, **kwargs)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return func(*args, **kwargs)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return f(*args, **kwargs)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service {'func': func.__name__, 'msg': errmsg})
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service self.force_
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service six.reraise(
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return func(stack, *args, **kwargs)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service abandon)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service user_creds = self._try_
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service user_creds = ucreds_
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service user_creds_db = db_api.
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return IMPL.user_
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service db_result.
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service value = decryptor(data, encryption_key)
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service return sym.decrypt(
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service File "/usr/lib/
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service raise InvalidToken
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service InvalidToken
2018-06-11 22:45:58.848 267852 ERROR heat.engine.service
If master branch is to be believed: https:/
While I'm looking through the trace, I can see that there is an exception handler for exception.Error at _try_get_user_creds https:/
If this truly is to do with the auth_encryption_key changing/failing to decrypt the value in the database, is it possible this changed somehow due to charm changes?
The cloud is a xenial/Mitaka cloud running 17.02 charms.
It appears that this is not a charm bug, but needs to be run upstream to heat. The stack was created and attempted to be deleted under 48 hours later, and there were no changes to heat configs within that timeframe that would have changed the encryption key, hence, I believe this is bad exception handling within swift.heat. engine. stack._ try_get_ user_creds( ) function that should trap also InvalidToken and InvalidEncrypti onKey exceptions as well as exception.Error to allow for deletion of the stack.