Keystone v3 incompatable with keystone v2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glance_store |
Fix Released
|
High
|
Niall Bunting |
Bug Description
Overview:
After an upgrade to using keystone v3 the old style of location ceases to work. This happens because it raises a 404 which in turn raises a 401. As it tries to go to the location /v2.0/auth/tokens which did not exist in v2, but rather the link is /v2.0/tokens.
How to reproduce:
Create an image with the 'old style' location. Something like this:
| locations | [{"url": "swift+http://
| | swift:redacted@
| | "metadata": {}}]
Then upgrade to keystone v3. And try to run a copy-from or image-download. Such as:
glance image-download 2f174860-
Output:
Keystone v3:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45256 -> 10.0.0.8:5000 [AP]
POST /v2.0/auth/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 222.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "service"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": "redacted", "name": "glance-swift"}}, "methods": ["password"]}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45256 [AP]
HTTP/1.1 404 Not Found.
Date: Mon, 19 Oct 2015 13:54:27 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-
Content-Length: 93.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
.
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
V2:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45247 -> 10.0.0.8:5000 [AP]
POST /v2.0/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 112.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"tenantName": "service", "passwordCreden
##
T 10.0.0.8:5000 -> 10.0.0.8:45247 [AP]
HTTP/1.1 200 OK.
Date: Mon, 19 Oct 2015 13:53:42 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-
Content-Length: 3407.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
Changed in glance: | |
assignee: | nobody → Niall Bunting (niall-bunting) |
affects: | glance → glance-store |
Changed in glance-store: | |
importance: | Undecided → High |
https:/ /review. openstack. org/#/c/ 238074/