Hi Drew,
I don't seem to be able to reproduce the issue. The IdentityServiceContext
in openstack dashboard does allow for the relation data to have come in
upper-case (or mixed case). The idea is that openstack-dashboard charm tells
keystone the role it wants to use via the identity service relation.
The keystone charm then checks to see if it has a role that matches (case
insensative). If it finds a match it tells the dashboard charm the
case sensative name of the role that matches.
The IdentityServiceContext looks at the names of the roles provided
by keystone using the created_roles key. It does a case insensative
search comparing each role against the charm config option 'default-role'.
If it finds a match it uses the role name provided by keystone preserving
the case as specified by the keystone charm.
In the example of a deployment where the keystone setup was done by pre-20.05
charms, the member role is called Member and this does not change when the
charms are upgraded. However, the dashbaord switches from expecting the
role to be called Member to expecting to be called member. The charms cope
with this. As decribed above after the upgrade the dashboard charm now
expects the role to be called 'member':
$ juju config openstack-dashboard default-role
member
And it tells keystone this is the name of the role it wants:
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 requested_roles openstack-dashboard/0"
member
The keystone charm spots there is already a role with
that name but with different case and tells the dashbaord:
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 created_roles keystone/0"
Member
The dashboard charm IdentityServiceContext resolves this and correctly
identifies it should be using the capatalised member:
Below are the steps I went through to try and replicate the error, would
you mind taking a look and letting me know if any of it deviates from
your setup?
(comment below replicated here: https:/ /paste. ubuntu. com/p/B4Qjn2YJ9 V/)
Hi Drew, Context
I don't seem to be able to reproduce the issue. The IdentityService
in openstack dashboard does allow for the relation data to have come in
upper-case (or mixed case). The idea is that openstack-dashboard charm tells
keystone the role it wants to use via the identity service relation.
The keystone charm then checks to see if it has a role that matches (case
insensative). If it finds a match it tells the dashboard charm the
case sensative name of the role that matches.
The IdentityService Context looks at the names of the roles provided
by keystone using the created_roles key. It does a case insensative
search comparing each role against the charm config option 'default-role'.
If it finds a match it uses the role name provided by keystone preserving
the case as specified by the keystone charm.
In the example of a deployment where the keystone setup was done by pre-20.05
charms, the member role is called Member and this does not change when the
charms are upgraded. However, the dashbaord switches from expecting the
role to be called Member to expecting to be called member. The charms cope
with this. As decribed above after the upgrade the dashboard charm now
expects the role to be called 'member':
$ juju config openstack-dashboard default-role
member
And it tells keystone this is the name of the role it wants:
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 requested_roles openstack- dashboard/ 0"
member
The keystone charm spots there is already a role with
that name but with different case and tells the dashbaord:
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 created_roles keystone/0"
Member
The dashboard charm IdentityService Context resolves this and correctly
identifies it should be using the capatalised member:
$ juju run --application openstack-dashboard "cd hooks; export PYTHONPATH=../; python3 -c 'import horizon_contexts; print(horizon_ contexts. IdentityService Context( )())'" b2b826720dda027 5b7'}
{'service_port': '5000', 'service_host': '172.20.0.9', 'service_protocol': 'http', 'api_version': '3', 'default_role': 'Member', 'admin_domain_id': '31d65a195f7e4f
Below are the steps I went through to try and replicate the error, would
you mind taking a look and letting me know if any of it deviates from
your setup?
Thanks
Liam
Deploy pre-20.05 charms:
series: bionic shared- db", "mysql:shared-db"] dashboard: shared- db", "mysql:shared-db"] dashboard: identity- service" , "keystone: identity- service" ] charmers/ percona- cluster charmers/ keystone- 312 dashboard: charmers/ openstack- dashboard- 302
relations:
- ["keystone:
- ["openstack-
- ["openstack-
applications:
mysql:
charm: cs:~openstack-
num_units: 1
keystone:
charm: cs:~openstack-
num_units: 1
openstack-
charm: cs:~openstack-
num_units: 1
$ charm show cs:~openstack- charmers/ openstack- dashboard- 302 archive-upload-time upload- time: 21T19:53: 31.028Z"
archive-
UploadTime: "2020-04-
$ charm show cs:~openstack- charmers/ keystone- 312 archive-upload-time upload- time: 21T20:02: 32.122Z"
archive-
UploadTime: "2020-04-
mysql> select * from keystone.role; ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+ ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+ 4b85a9ffa86865c ed | Member | {} | <<null>> | 2bb1c81c49a3b2d d4 | service | {} | <<null>> | 28c4d038cf18206 bc | Admin | {} | <<null>> | ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+
+------
| id | name | extra | domain_id |
+------
| 2723b273fdd2450
| 458f92b228d84e5
| efa82636975d437
+------
3 rows in set (0.00 sec)
$ juju config openstack-dashboard default-role
Member
# grep -i member /etc/openstack- dashboard/ * dashboard/ local_settings. py:OPENSTACK_ KEYSTONE_ DEFAULT_ ROLE = "Member"
/etc/openstack-
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 - keystone/0" 2b826720dda0275 b7
admin_domain_id: 31d65a195f7e4fb
api_version: "3"
auth_host: 172.20.0.9
auth_port: "35357"
auth_protocol: http
egress-subnets: 172.20.0.9/32
ingress-address: 172.20.0.9
private-address: 172.20.0.9
region: RegionOne
service_host: 172.20.0.9
service_port: "5000"
service_protocol: http
And the test below works:
Identity -> Projects -> Manage Members
Upgrade to 20.11 charms:
$ juju upgrade-charm --switch cs:~openstack- charmers/ keystone keystone charmers/ keystone- 319" to the model. charmers/ openstack- dashboard openstack-dashboard charmers/ openstack- dashboard- 309" to the model.
Added charm "cs:~openstack-
$ juju upgrade-charm --switch cs:~openstack-
Added charm "cs:~openstack-
mysql> select * from keystone.role; ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+ ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+ 4b85a9ffa86865c ed | Member | {} | <<null>> | 2bb1c81c49a3b2d d4 | service | {} | <<null>> | 28c4d038cf18206 bc | Admin | {} | <<null>> | ------- ------- ------- ------- +------ ---+--- ----+-- ------- --+
+------
| id | name | extra | domain_id |
+------
| 2723b273fdd2450
| 458f92b228d84e5
| efa82636975d437
+------
3 rows in set (0.00 sec)
$ juju config openstack-dashboard default-role
member
$ juju run --application openstack-dashboard "relation-get -r identity-service:5 - keystone/0" 2b826720dda0275 b7
admin_domain_id: 31d65a195f7e4fb
api_version: "3"
auth_host: 172.20.0.9
auth_port: "35357"
auth_protocol: http
created_roles: Member
egress-subnets: 172.20.0.9/32
ingress-address: 172.20.0.9
private-address: 172.20.0.9
region: RegionOne
service_host: 172.20.0.9
service_port: "5000"
service_protocol: http
# grep -i member /etc/openstack- dashboard/ * dashboard/ local_settings. py:OPENSTACK_ KEYSTONE_ DEFAULT_ ROLE = "Member"
/etc/openstack-
And the test below still works:
Identity -> Projects -> Manage Members
*1 https:/ /github. com/openstack/ charm-openstack -dashboard/ blob/master/ hooks/horizon_ contexts. py#L126