retrofit-image action uses public endpoint for glance

Bug #1895088 reported by Vern Hart
This bug affects 1 person
Affects: charm-octavia-diskimage-retrofit
Status: Fix Released
Importance: High
Assigned to: Frode Nordahl

Bug Description

I have an environment where octavia-diskimage-retrofit does not have access to my public endpoints.

The retrofit-image action seems to use the admin endpoint for keystone and the default endpoint for glance, which ends up being the public endpoint.

Looking at the code it is non-obvious to me how to tell keystone that we want internal endpoints.

I managed to override it with a manual lookup but this feels like a kludge (even if it were corrected to use a config variable instead of hard-coded).

What follows is my rudimentary patch that gets me moving forward. There's got to be a better way to do this.

$ diff -u lib/charm/openstack/octavia_diskimage_retrofit.py{.orig,}
--- lib/charm/openstack/octavia_diskimage_retrofit.py.orig 2020-09-10 06:01:13.644776587 +0000
+++ lib/charm/openstack/octavia_diskimage_retrofit.py 2020-09-10 06:10:39.142958401 +0000
@@ -88,7 +88,8 @@
         """
         session = glance_retrofitter.session_from_identity_credentials(
             keystone_endpoint)
- glance = glance_retrofitter.get_glance_client(session)
+ glance_internal = session.auth.get_endpoint(session,service_type='image',interface='internal')
+ glance = glance_retrofitter.get_glance_client(session, endpoint=glance_internal)

         ubuntu_release = self.get_ubuntu_release(
             series=self.config['retrofit-series'])
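
Review bot: The `interface='internal'` argument on the added `get_endpoint` line is hard-coded, so a deployment that can only reach its public endpoints breaks after this change; take the interface from a charm config option (such as the `use-internal-endpoints` option discussed in this bug) instead. Also check the returned value before using it: if `get_endpoint` returns None, `endpoint=None` is passed on and `get_glance_client` behaves as it did before the patch, which silently puts the action back on the default endpoint. Style: the first added line has no space after the comma in `session,service_type` and runs past 79 columns.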

$ diff -u lib/charm/openstack/glance_retrofitter.py{.orig,}
--- lib/charm/openstack/glance_retrofitter.py.orig 2020-09-10 04:23:53.246442608 +0000
+++ lib/charm/openstack/glance_retrofitter.py 2020-09-10 05:58:02.195975967 +0000
@@ -47,7 +47,7 @@
     return session

-def get_glance_client(session):
+def get_glance_client(session, endpoint=None):
     """Get Glance Client from Keystone Session.

     :param session: Keystone Session object
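
Review bot: The new `endpoint=None` parameter on `get_glance_client` is undocumented; the docstring visible below the signature still lists only `:param session:`. Add `:param endpoint:` and `:type endpoint:` entries stating that it is an optional Glance endpoint URL that overrides the default endpoint selection.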
@@ -55,7 +55,7 @@
     :returns: Glance Client
     :rtype: glanceclient.Client
     """
- return glanceclient.Client('2', session=session)
+ return glanceclient.Client('2', session=session, endpoint=endpoint)

 def get_product_name(stream=None, variant=None, release=None, arch=None):
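
Review bot: `endpoint=endpoint` in the `glanceclient.Client` call takes a pre-resolved URL, so every caller that wants a non-default interface has to repeat the catalog lookup added in octavia_diskimage_retrofit.py. Consider having `get_glance_client` accept the interface name and perform the lookup itself, so endpoint selection lives in one place.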

Vern Hart (vern) wrote :
Nobuto Murata (nobuto) wrote :

fwiw, use-internal-endpoint option is explicitly disabled atm.
https://api.jujucharms.com/charmstore/v5/octavia-diskimage-retrofit-13/archive/layer.yaml
> "config":
>   "deletes":
>     - "ssl_ca"
>     - "ssl_cert"
>     - "ssl_key"
>     - "use-internal-endpoints"
>     - "use-syslog"
>     - "verbose"

It needs to be added back and some logic needs to be implemented altogether I guess.

Frode Nordahl (fnordahl)
Changed in charm-octavia-diskimage-retrofit:
status: New → In Progress
Frode Nordahl (fnordahl)
Changed in charm-octavia-diskimage-retrofit:
importance: Undecided → High
assignee: nobody → Frode Nordahl (fnordahl)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-octavia-diskimage-retrofit (master)

Fix proposed to branch: master
Review: https://review.opendev.org/751203

OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-octavia-diskimage-retrofit (master)

Reviewed: https://review.opendev.org/751203
Committed: https://git.openstack.org/cgit/openstack/charm-octavia-diskimage-retrofit/commit/?id=035c228f7c3cc73637fdada16adf41e34b3a6a46
Submitter: Zuul
Branch: master

commit 035c228f7c3cc73637fdada16adf41e34b3a6a46
Author: Frode Nordahl <email address hidden>
Date: Fri Sep 11 10:24:35 2020 +0200

    Add use-internal-endpoints configuration option

    Point OpenStack clients in the charm code at the requested
    endpoint type.

    Co-authored-by: Vern Hart <email address hidden>
    Change-Id: Iad176d8b6a05b0c3a5bf4df3fdbb8097757799d3
    Closes-Bug: #1895088
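
An added illustration, not the charm's code and not the merged fix: choosing a catalog endpoint by interface from a charm-style `use-internal-endpoints` option, and failing instead of quietly using another interface when the requested one is absent. The catalog is constructed sample data in the Keystone v3 token catalog shape, and `interface_for`, `resolve_endpoint` and `EndpointNotFound` are hypothetical names.

```python
# Added illustration, not code from the charm or from the merged fix.
# SAMPLE_CATALOG is constructed data in the shape of a Keystone v3 token catalog.
SAMPLE_CATALOG = [
    {"type": "image", "name": "glance", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://glance.public.example:9292"},
        {"interface": "internal", "region": "RegionOne",
         "url": "https://glance.internal.example:9292"},
    ]},
    # This service deliberately has no internal endpoint registered.
    {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://keystone.public.example:5000/v3"},
        {"interface": "admin", "region": "RegionOne",
         "url": "https://keystone.admin.example:35357/v3"},
    ]},
]


class EndpointNotFound(LookupError):
    """The catalog has no single endpoint for the requested interface."""


def interface_for(config):
    """Map a charm-style boolean option to a catalog interface name.

    The mapping is an assumption made for this example.
    """
    return "internal" if config.get("use-internal-endpoints") else "public"


def resolve_endpoint(catalog, service_type, interface, region=None):
    """Return the single URL for service_type/interface, or raise.

    Raising keeps a missing internal endpoint from turning into a quiet
    fallback to whatever endpoint the client library picks by default.
    """
    urls = {
        ep["url"]
        for svc in catalog if svc.get("type") == service_type
        for ep in svc.get("endpoints", [])
        if ep.get("interface") == interface
        and (region is None or ep.get("region") == region)
    }
    if len(urls) != 1:
        raise EndpointNotFound(
            f"{len(urls)} {interface!r} endpoints for {service_type!r}")
    return urls.pop()
```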

Changed in charm-octavia-diskimage-retrofit:
status: In Progress → Fix Committed
Vern Hart (vern) wrote :

Just to circle back on this. This fix does indeed work.

Changed in charm-octavia-diskimage-retrofit:
milestone: none → 20.10
Changed in charm-octavia-diskimage-retrofit:
status: Fix Committed → Fix Released