glance_store

Keystone v3 incompatable with keystone v2

Bug #1507610 reported by Niall Bunting
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
glance_store
Fix Released
High
Niall Bunting

Bug Description

Overview:
After an upgrade to using keystone v3 the old style of location ceases to work. This happens because it raises a 404 which in turn raises a 401. As it tries to go to the location /v2.0/auth/tokens which did not exist in v2, but rather the link is /v2.0/tokens.

How to reproduce:
Create an image with the 'old style' location. Something like this:

| locations | [{"url": "swift+http://service%3Aglance- |
| | swift:redacted@10.0.0.8:5000/v2.0/glance/2f174860-efe3-4d5a-8f73-83e7298523b8", |
| | "metadata": {}}]

Then upgrade to keystone v3. And try to run a copy-from or image-download. Such as:
glance image-download 2f174860-efe3-4d5a-8f73-83e7298523b8 --file /opt/out

Output:
Keystone v3:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45256 -> 10.0.0.8:5000 [AP]
POST /v2.0/auth/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 222.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "service"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": "redacted", "name": "glance-swift"}}, "methods": ["password"]}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45256 [AP]
HTTP/1.1 404 Not Found.
Date: Mon, 19 Oct 2015 13:54:27 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-c8c78196-1b77-4b4f-b0dc-8baa5144c30f.
Content-Length: 93.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.
.
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

V2:
sudo ngrep -W byline port 5000 -d lo
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 5000 )
####
T 10.0.0.8:45247 -> 10.0.0.8:5000 [AP]
POST /v2.0/tokens HTTP/1.1.
Host: 10.0.0.8:5000.
Content-Length: 112.
Accept-Encoding: gzip, deflate.
Accept: application/json.
User-Agent: python-keystoneclient.
Connection: keep-alive.
Content-Type: application/json.
.
{"auth": {"tenantName": "service", "passwordCredentials": {"username": "glance-swift", "password": "redacted"}}}
##
T 10.0.0.8:5000 -> 10.0.0.8:45247 [AP]
HTTP/1.1 200 OK.
Date: Mon, 19 Oct 2015 13:53:42 GMT.
Server: Apache/2.4.7 (Ubuntu).
Vary: X-Auth-Token.
x-openstack-request-id: req-cb538a90-5134-476d-b789-27fcf0576ad8.
Content-Length: 3407.
Keep-Alive: timeout=5, max=100.
Connection: Keep-Alive.
Content-Type: application/json.

Niall Bunting (niall-bunting)
Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
Niall Bunting (niall-bunting)
affects: glance → glance-store
Revision history for this message
Niall Bunting (niall-bunting) wrote :

https://review.openstack.org/#/c/238074/

Changed in glance-store:
status: New → In Progress
Revision history for this message
Niall Bunting (niall-bunting) wrote :

It seems this is not a bug people are really up for fixing, and would rather have it always read from the config. See: http://lists.openstack.org/pipermail/openstack-dev/2015-December/081278.html

Kairat Kushaev (kkushaev)
Changed in glance-store:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on glance_store (master)

Change abandoned by Niall Bunting (<email address hidden>) on branch: master
Review: https://review.openstack.org/238074
Reason: Kairat has an alternative review.

Revision history for this message
Ian Cordasco (icordasc) wrote :

I believe this is fixed by the change to keystoneauth1.

Changed in glance-store:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.