Juju Charms Collection
glance-simplestreams-sync package

gss relies on service_host (public api) endpoints ignoring ingress-address for the identity endpoint

Bug #1786232 reported by Dmitrii Shcherbakov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glance-simplestreams-sync (Juju Charms Collection)
New
Undecided
Unassigned

Bug Description

ingress address provided by keystone is 10.232.6.200 (oam-space) while service_host is 10.232.45.236 (public space)

The LXD container used by GSS will only have an oam interface causing a silent connection failure as gss doesn't report anything via its status:

juju deploy cs:bionic/glance-simplestreams-sync --to lxd:4 --bind oam-space

  File "./glance-simplestreams-sync.py", line 495, in <module>
    main()
  File "./glance-simplestreams-sync.py", line 433, in main
    ksc = get_keystone_client(id_conf['api_version'])
  File "./glance-simplestreams-sync.py", line 188, in get_keystone_client
    project_id=os.environ['OS_PROJECT_ID'])
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 250, in __init__
    self.authenticate()
  File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 578, in authenticate
    resp = self.get_raw_token_from_identity_service(**kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 336, in get_raw_token_from_identity_service
    _('Authorization failed: %s') % e)
keystoneauth1.exceptions.auth.AuthorizationFailure: Authorization failed: Unable to establish connection to http://10.232.45.236:5000/v3/auth/tokens

juju run --unit glance-simplestreams-sync/1 'relation-get -r identity-service:65 - keystone/0'
admin_domain_id: 24eecdf281e544ba9d41bae91299ea5a
admin_token: Cg36p9Z2VVY8kXxpw4fqMj2mr9knGhjfBRW7gdXWGtF27Y86P6dhJYzX3RB9ffhy
api_version: "3"
auth_host: 10.232.6.200
auth_port: "35357"
auth_protocol: http
egress-subnets: 10.232.6.200/32
ingress-address: 10.232.6.200
private-address: 10.232.6.200
service_domain: service_domain
service_domain_id: 2510a9c3f8984216837e55dc3e25a344
service_host: 10.232.45.236
service_password: sKXt8VJkTwG8sxLtxLNnVjLYV4CNqW6Hcz7KdbHLTFLyyNjGH7dVJHz34fqsPbys
service_port: "5000"
service_protocol: http
service_tenant: services
service_tenant_id: 451a055f18b84f1c9b9b48e13bce754b
service_username: image-stream

Tags: cpe-onsite
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.