Not able to authenticate with keystone

Bug #1911424 reported by Arif Ali
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Manila Charm
Low
Gustavo Sanchez
OpenStack Manila Generic Backend Charm
Low
Gustavo Sanchez

Bug Description

Hi all,

Deployed a simple cloud with manila-generic for testing, and ran into Keystone authentication errors

On the manila/manila-generic unit in the /var/log/manila/manila-share.log, we get the following error, with this backtrace https://paste.ubuntu.com/p/RjpXmP94D3/

ERROR manila.share.manager Unauthorized: The request you have made requires authentication.

The keystone logs showed the following warning

(keystone.auth.core): 2021-01-12 15:57:09,813 WARNING Could not find domain: default.

In /etc/manila/manila.conf we see that both project_domain_id and user_domain_id are set to default, as shown below, however, I think this should be project_domain_name and user_domain_name respectively

~~~

[nova]
username = manila_manilav2
password = zrSm9x29TL4MYZNdwrwrKNGnSWhspcSKc9cGtNZsxNcNwf5YYLwCKCCkYVpNdhRp
project_domain_id = default
project_name = services
user_domain_id = default
auth_uri = http://10.0.1.224:5000
auth_url = http://10.0.1.224:35357
auth_type = password

[neutron]
username = manila_manilav2
password = zrSm9x29TL4MYZNdwrwrKNGnSWhspcSKc9cGtNZsxNcNwf5YYLwCKCCkYVpNdhRp
project_domain_id = default
project_name = services
user_domain_id = default
auth_uri = http://10.0.1.224:5000
auth_url = http://10.0.1.224:35357
auth_type = password

[cinder]
username = manila_manilav2
password = zrSm9x29TL4MYZNdwrwrKNGnSWhspcSKc9cGtNZsxNcNwf5YYLwCKCCkYVpNdhRp
project_domain_id = default
project_name = services
user_domain_id = default
auth_uri = http://10.0.1.224:5000
auth_url = http://10.0.1.224:35357
auth_type = password

~~~

I see that we are grabbing the id in the template as shown here https://github.com/openstack/charm-manila-generic/blob/master/src/templates/mitaka/manila.conf#L27

And in the corresponding line in charm-manila is at https://github.com/openstack/charm-manila/blob/master/src/reactive/manila_handlers.py#L76

Now it could be that in most installations you will have an ID of default, but it seems with at least in my environment I had the following and hence failing

$ openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 556d1f80b7ce4ef0af3c8fef0877d157 | admin_domain | True | Created by Juju |
| 6e1e018e8aa748beaf3e697182a3ef6a | default | True | Created by Juju |
| fad5b51664d34cf3b7d513f99fcc3d35 | service_domain | True | Created by Juju |
+----------------------------------+----------------+---------+-----------------+

I worked around this issue in my test environment by stopping the jujud daemons for both manila and manila-generic charm, and replaced project_domain_id and user_domain_id with project_domain_name and user_domain_name respectively, and restarted all the manila deamons

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

Hi Arif

Thanks for the bug report.

Please note that manila-generic is a testing charm only and is not for production use in ANY form. Therefore, occasionally, it may not be up to date with the rest of the charms.

Please could you provide a few more details:

Juju version
Ubuntu version
Charm versions (stable or next or specific version) of keystone, manila, manila-generic
Openstack version
Config for manila
config for keystone

Was the model stable // without errors?

Many thanks.

Changed in charm-manila-generic:
status: New → Incomplete
Revision history for this message
Arif Ali (arif-ali) wrote :

juju version: 2.8.7
Ubuntu: bionic
OpenStack: queens

First tested with manila-20 and manila-generic-24, then upgraded to latest charms for these, and had the same problem.

Here is my export-bundle https://paste.ubuntu.com/p/CvrzkmgFXD/

Understood about the manila-generic charm being test, and was only testing :). I wanted to ensure that the charm-manila was working as expected for a customer, and found this particular issue.

I think the issue is mainly around https://github.com/openstack/charm-manila/blob/master/src/reactive/manila_handlers.py#L76, and whether that should be user_domain_id or user_domain_name, or we have both available as variables to be used for other backend charms?

The model was stable and without errors

Revision history for this message
Arif Ali (arif-ali) wrote :

OK, testing this now on stein, we do in-fact get an ID of default, so makes sense from that perspective, and the name is Default instead of default, and hence will work out of the box for stein and onwards it seems.

Would it be better to get the ID of the default domain directly from keystone rather than being hardcoded in the manila charm?

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

> Would it be better to get the ID of the default domain directly from keystone rather than being hardcoded in the manila charm?

Yes, that would be useful. In theory manila can be used without a plugin, but I'm not sure if the manila-charm is setup to do that. It's really designed to be used with ganesha but I release that you are looking at a solution on bionic-queens.

tags: added: onboarding
Changed in charm-manila-generic:
status: Incomplete → Triaged
importance: Undecided → Low
tags: added: good-first-bug
removed: onboarding
Changed in charm-manila-generic:
assignee: nobody → Gustavo Sanchez (gustavosr98)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-manila-generic (master)
Changed in charm-manila-generic:
status: Triaged → In Progress
Changed in charm-manila:
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Gustavo Sanchez (gustavosr98)
Revision history for this message
Aurelien Lourot (aurelien-lourot) wrote :
Changed in charm-manila:
status: In Progress → Fix Committed
Changed in charm-manila-generic:
status: In Progress → Fix Committed
Changed in charm-manila:
milestone: none → 21.10
Changed in charm-manila-generic:
milestone: none → 21.10
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-manila-generic (master)

Reviewed: https://review.opendev.org/c/openstack/charm-manila-generic/+/804537
Committed: https://opendev.org/openstack/charm-manila-generic/commit/4d80c34b81af6aa5b6eed52ec194dc9b730fbcc2
Submitter: "Zuul (22348)"
Branch: master

commit 4d80c34b81af6aa5b6eed52ec194dc9b730fbcc2
Author: Gustavo Sanchez <email address hidden>
Date: Fri Aug 13 11:54:35 2021 -0400

    Fix keystone authentication

    Changes project_domain_id and user_domain_id to *_name in manila.conf

    Add defensive mechanism to fallback to `_id` if `_name` is not set

    Closes-Bug: #1911424
    Change-Id: I6240b7b7e4590a21f034b9c70247e87ec18d867d

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-manila (master)

Reviewed: https://review.opendev.org/c/openstack/charm-manila/+/804536
Committed: https://opendev.org/openstack/charm-manila/commit/2511bce6b77f2112afd179374717243581ffc985
Submitter: "Zuul (22348)"
Branch: master

commit 2511bce6b77f2112afd179374717243581ffc985
Author: Gustavo Sanchez <email address hidden>
Date: Fri Aug 13 11:38:22 2021 -0400

    Fix keystone authentication

    Changes project_domain_id and user_domain_id to *_name in manila-plugin endpoint

    Closes-Bug: #1911424
    Change-Id: Ia289d4899e3e802197853a61e8e36b7ad87d0fd8

Changed in charm-manila-generic:
status: Fix Committed → Fix Released
Changed in charm-manila:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers