OpenStack Heat

Bug #1087527
Comment #1

Comment 1 for bug 1087527

Revision history for this message

Masashi Nakamichi (mnakamichi) wrote on 2012-12-07:

I changed code as follows for now.

diff --git a/heat/engine/resources/user.py b/heat/engine/resources/user.py
index d14ed46..2ab4d43 100644
--- a/heat/engine/resources/user.py
+++ b/heat/engine/resources/user.py
@@ -135,15 +135,15 @@ class AccessKey(resource.Resource):
             else:
                 try:
                     kp = self.keystone().get_ec2_keypair(user_id)
+ if kp.access == self.resource_id:
+ self._secret = kp.secret
+ else:
+ logger.error("Unexpected ec2 keypair, for %s access %s"
+ (user_id, kp.access))
                 except Exception as ex:
                     logger.warn('could not get secret for %s Error:%s' %
                                 (self.properties['UserName'],
                                  str(ex)))
- if kp.access == self.resource_id:
- self._secret = kp.secret
- else:
- logger.error("Unexpected ec2 keypair, for %s access %s" %
- (user_id, kp.access))

return self._secret or '000-000-000'

Though 'Authorization Failed' occurred, heat-watch set-state came to be finished normally.

(engine.log)
:
2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:06 2012-12-06 18:50:27 2012-12-06 18:50:27 2012-12-06 18:50:27 2012-12-06 18:50:27 DEBUG [heat.openstack.common.rpc.amqp] received {u'_context_roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', u'_msg_id': u'2d58da6b2cd0401fb80024cc8fcdbb0a', u'args': {u'state': u'ALARM', u'watch_name': u'autoscaling.MEMAlarmHigh'}, u'_context_password': None, u'_context_auth_url': u'http://127.0.0.1:5000/v2.0', u'_context_aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', u'_context_service_tenant': u'service', u'_context_service_password': u'service', u'_context_aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', u'_context_service_user': u'heat', u'_context_tenant': u'admin', u'_context_auth_token': '<SANITIZED>', u'_context_is_admin': True, u'version': u'1.0', u'_context_tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', u'method': u'set_watch_state', u'_context_username': None}
DEBUG [heat.openstack.common.rpc.amqp] unpacked context: {'username': None, 'service_user': u'heat', 'service_tenant': u'service', 'roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', 'aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', 'tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', 'auth_token': '<SANITIZED>', 'service_password': u'service', 'auth_url': u'http://127.0.0.1:5000/v2.0', 'is_admin': True, 'password': None, 'aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', 'tenant': u'admin'}
WARNING [heat.engine.watchrule] WATCH: stack:0f9cf00c-e921-4653-949b-9ce222c52180, watch_name:autoscaling.MEMAlarmHigh ALARM
DEBUG [heat.engine.watchrule] Overriding state NODATA for watch autoscaling.MEMAlarmHigh with ALARM
DEBUG [heat.openstack.common.rpc.amqp] Pool creating new connection
INFO [heat.engine.resources.autoscaling] WebServerScaleUpPolicy Alarm, adjusting Group WebServerGroup by 1
DEBUG [heat.engine.resources.autoscaling] adjusting capacity from 2 to 3
INFO [heat.engine.resource] creating Instance "WebServerGroup-2"
DEBUG [amqplib] Start from server, version: 8.0, properties: {u'information': 'Licensed under the MPL. See http://www.rabbitmq.com/', u'product': 'RabbitMQ', u'copyright': 'Copyright (C) 2007-2011 VMware, Inc.', u'capabilities': {}, u'platform': 'Erlang/OTP', u'version': '2.7.1'}, mechanisms: ['PLAIN', 'AMQPLAIN'], locales: ['en_US']
DEBUG [keystoneclient.client] Request returned failure status: 401
DEBUG [keystoneclient.v2_0.client] Authorization Failed.
WARNING [heat.engine.resources.user] could not get secret for autoscaling.CfnUser Error:Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401)
INFO [heat.engine.resources.user] autoscaling.WebServerKeys.GetAtt(SecretAccessKey) == <SANITIZED>
DEBUG [amqplib] Open OK! known_hosts []
DEBUG [amqplib] using channel_id: 1
DEBUG [amqplib] Channel open
INFO [heat.openstack.common.rpc.common] Connected to AMQP server on localhost:5672
DEBUG [amqplib] Closed channel #1
DEBUG [amqplib] using channel_id: 1
DEBUG [amqplib] Channel open
DEBUG [novaclient.client] Using Endpoint URL: http://127.0.0.1:35357/v2.0/tokens/d954951bcba0437db5307d09da8a0224?belongsTo=db2e96b25cbf4bedbe3d456565fc9606
DEBUG [amqplib] Closed channel #1
DEBUG [amqplib] using channel_id: 1
DEBUG [amqplib] Channel open
DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.5
WARNING [heat.engine.resources.loadbalancer] Instance (WebServerGroup-1) not found: The resource could not be found. (HTTP 404) (Request-ID: req-47df1d53-296c-401f-a00a-2ff2ff3ade14)
DEBUG [heat.engine.resources.loadbalancer] haproxy server:0.0.0.0
DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.6

I changed code as follows for now.

diff --git a/heat/engine/resources/user.py b/heat/engine/resources/user.py
index d14ed46..2ab4d43 100644
--- a/heat/engine/resources/user.py
+++ b/heat/engine/resources/user.py
@@ -135,15 +135,15 @@ class AccessKey(resource.Resource):
             else:
                 try:
                     kp = self.keystone().get_ec2_keypair(user_id)
+                    if kp.access == self.resource_id:
+                        self._secret = kp.secret
+                    else:
+                        logger.error("Unexpected ec2 keypair, for %s access %s"
+                                     (user_id, kp.access))
                 except Exception as ex:
                     logger.warn('could not get secret for %s Error:%s' %
                                 (self.properties['UserName'],
                                  str(ex)))
-                if kp.access == self.resource_id:
-                    self._secret = kp.secret
-                else:
-                    logger.error("Unexpected ec2 keypair, for %s access %s" %
-                                 (user_id, kp.access))

return self._secret or '000-000-000'

Though 'Authorization Failed' occurred, heat-watch set-state came to be finished normally.

(engine.log)
    :
2012-12-06 18:50:06    DEBUG [heat.openstack.common.rpc.amqp] received {u'_context_roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', u'_msg_id': u'2d58da6b2cd0401fb80024cc8fcdbb0a', u'args': {u'state': u'ALARM', u'watch_name': u'autoscaling.MEMAlarmHigh'}, u'_context_password': None, u'_context_auth_url': u'http://127.0.0.1:5000/v2.0', u'_context_aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', u'_context_service_tenant': u'service', u'_context_service_password': u'service', u'_context_aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', u'_context_service_user': u'heat', u'_context_tenant': u'admin', u'_context_auth_token': '<SANITIZED>', u'_context_is_admin': True, u'version': u'1.0', u'_context_tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', u'method': u'set_watch_state', u'_context_username': None}
2012-12-06 18:50:06    DEBUG [heat.openstack.common.rpc.amqp] unpacked context: {'username': None, 'service_user': u'heat', 'service_tenant': u'service', 'roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', 'aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', 'tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', 'auth_token': '<SANITIZED>', 'service_password': u'service', 'auth_url': u'http://127.0.0.1:5000/v2.0', 'is_admin': True, 'password': None, 'aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', 'tenant': u'admin'}
2012-12-06 18:50:06  WARNING [heat.engine.watchrule] WATCH: stack:0f9cf00c-e921-4653-949b-9ce222c52180, watch_name:autoscaling.MEMAlarmHigh ALARM
2012-12-06 18:50:06    DEBUG [heat.engine.watchrule] Overriding state NODATA for watch autoscaling.MEMAlarmHigh with ALARM
2012-12-06 18:50:06    DEBUG [heat.openstack.common.rpc.amqp] Pool creating new connection
2012-12-06 18:50:06     INFO [heat.engine.resources.autoscaling] WebServerScaleUpPolicy Alarm, adjusting Group WebServerGroup by 1
2012-12-06 18:50:06    DEBUG [heat.engine.resources.autoscaling] adjusting capacity from 2 to 3
2012-12-06 18:50:06     INFO [heat.engine.resource] creating Instance "WebServerGroup-2" 
2012-12-06 18:50:06    DEBUG [amqplib] Start from server, version: 8.0, properties: {u'information': 'Licensed under the MPL.  See http://www.rabbitmq.com/', u'product': 'RabbitMQ', u'copyright': 'Copyright (C) 2007-2011 VMware, Inc.', u'capabilities': {}, u'platform': 'Erlang/OTP', u'version': '2.7.1'}, mechanisms: ['PLAIN', 'AMQPLAIN'], locales: ['en_US']
2012-12-06 18:50:06    DEBUG [keystoneclient.client] Request returned failure status: 401
2012-12-06 18:50:06    DEBUG [keystoneclient.v2_0.client] Authorization Failed.
2012-12-06 18:50:06  WARNING [heat.engine.resources.user] could not get secret for autoscaling.CfnUser Error:Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401)
2012-12-06 18:50:06     INFO [heat.engine.resources.user] autoscaling.WebServerKeys.GetAtt(SecretAccessKey) == <SANITIZED>
2012-12-06 18:50:06    DEBUG [amqplib] Open OK! known_hosts []
2012-12-06 18:50:06    DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06    DEBUG [amqplib] Channel open
2012-12-06 18:50:06     INFO [heat.openstack.common.rpc.common] Connected to AMQP server on localhost:5672
2012-12-06 18:50:06    DEBUG [amqplib] Closed channel #1
2012-12-06 18:50:06    DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06    DEBUG [amqplib] Channel open
2012-12-06 18:50:06    DEBUG [novaclient.client] Using Endpoint URL: http://127.0.0.1:35357/v2.0/tokens/d954951bcba0437db5307d09da8a0224?belongsTo=db2e96b25cbf4bedbe3d456565fc9606
2012-12-06 18:50:06    DEBUG [amqplib] Closed channel #1
2012-12-06 18:50:06    DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06    DEBUG [amqplib] Channel open
2012-12-06 18:50:27    DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.5
2012-12-06 18:50:27  WARNING [heat.engine.resources.loadbalancer] Instance (WebServerGroup-1) not found: The resource could not be found. (HTTP 404) (Request-ID: req-47df1d53-296c-401f-a00a-2ff2ff3ade14)
2012-12-06 18:50:27    DEBUG [heat.engine.resources.loadbalancer] haproxy server:0.0.0.0
2012-12-06 18:50:27    DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.6