I changed code as follows for now.
diff --git a/heat/engine/resources/user.py b/heat/engine/resources/user.py index d14ed46..2ab4d43 100644 --- a/heat/engine/resources/user.py +++ b/heat/engine/resources/user.py @@ -135,15 +135,15 @@ class AccessKey(resource.Resource): else: try: kp = self.keystone().get_ec2_keypair(user_id) + if kp.access == self.resource_id: + self._secret = kp.secret + else: + logger.error("Unexpected ec2 keypair, for %s access %s" + (user_id, kp.access)) except Exception as ex: logger.warn('could not get secret for %s Error:%s' % (self.properties['UserName'], str(ex))) - if kp.access == self.resource_id: - self._secret = kp.secret - else: - logger.error("Unexpected ec2 keypair, for %s access %s" % - (user_id, kp.access))
return self._secret or '000-000-000'
Though 'Authorization Failed' occurred, heat-watch set-state came to be finished normally.
(engine.log) : 2012-12-06 18:50:06 DEBUG [heat.openstack.common.rpc.amqp] received {u'_context_roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', u'_msg_id': u'2d58da6b2cd0401fb80024cc8fcdbb0a', u'args': {u'state': u'ALARM', u'watch_name': u'autoscaling.MEMAlarmHigh'}, u'_context_password': None, u'_context_auth_url': u'http://127.0.0.1:5000/v2.0', u'_context_aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', u'_context_service_tenant': u'service', u'_context_service_password': u'service', u'_context_aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', u'_context_service_user': u'heat', u'_context_tenant': u'admin', u'_context_auth_token': '<SANITIZED>', u'_context_is_admin': True, u'version': u'1.0', u'_context_tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', u'method': u'set_watch_state', u'_context_username': None} 2012-12-06 18:50:06 DEBUG [heat.openstack.common.rpc.amqp] unpacked context: {'username': None, 'service_user': u'heat', 'service_tenant': u'service', 'roles': u'admin,KeystoneAdmin,KeystoneServiceAdmin', 'aws_auth_uri': u'http://localhost:5000/v2.0/ec2tokens', 'tenant_id': u'db2e96b25cbf4bedbe3d456565fc9606', 'auth_token': '<SANITIZED>', 'service_password': u'service', 'auth_url': u'http://127.0.0.1:5000/v2.0', 'is_admin': True, 'password': None, 'aws_creds': u'{"ec2Credentials": {"access": "a79308023b3d48a4ac6fa9b8a5c32f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVersion": "2", "AWSAccessKeyId": "a79308023b3d48a4ac6fa9b8a5c32f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12-06T09:50:05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling.MEMAlarmHigh", "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/vsJ+JG5uC26Gy2vKm6+P9ru+/BgrEz0=", "path": "/v1/"}}', 'tenant': u'admin'} 2012-12-06 18:50:06 WARNING [heat.engine.watchrule] WATCH: stack:0f9cf00c-e921-4653-949b-9ce222c52180, watch_name:autoscaling.MEMAlarmHigh ALARM 2012-12-06 18:50:06 DEBUG [heat.engine.watchrule] Overriding state NODATA for watch autoscaling.MEMAlarmHigh with ALARM 2012-12-06 18:50:06 DEBUG [heat.openstack.common.rpc.amqp] Pool creating new connection 2012-12-06 18:50:06 INFO [heat.engine.resources.autoscaling] WebServerScaleUpPolicy Alarm, adjusting Group WebServerGroup by 1 2012-12-06 18:50:06 DEBUG [heat.engine.resources.autoscaling] adjusting capacity from 2 to 3 2012-12-06 18:50:06 INFO [heat.engine.resource] creating Instance "WebServerGroup-2" 2012-12-06 18:50:06 DEBUG [amqplib] Start from server, version: 8.0, properties: {u'information': 'Licensed under the MPL. See http://www.rabbitmq.com/', u'product': 'RabbitMQ', u'copyright': 'Copyright (C) 2007-2011 VMware, Inc.', u'capabilities': {}, u'platform': 'Erlang/OTP', u'version': '2.7.1'}, mechanisms: ['PLAIN', 'AMQPLAIN'], locales: ['en_US'] 2012-12-06 18:50:06 DEBUG [keystoneclient.client] Request returned failure status: 401 2012-12-06 18:50:06 DEBUG [keystoneclient.v2_0.client] Authorization Failed. 2012-12-06 18:50:06 WARNING [heat.engine.resources.user] could not get secret for autoscaling.CfnUser Error:Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401) 2012-12-06 18:50:06 INFO [heat.engine.resources.user] autoscaling.WebServerKeys.GetAtt(SecretAccessKey) == <SANITIZED> 2012-12-06 18:50:06 DEBUG [amqplib] Open OK! known_hosts [] 2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1 2012-12-06 18:50:06 DEBUG [amqplib] Channel open 2012-12-06 18:50:06 INFO [heat.openstack.common.rpc.common] Connected to AMQP server on localhost:5672 2012-12-06 18:50:06 DEBUG [amqplib] Closed channel #1 2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1 2012-12-06 18:50:06 DEBUG [amqplib] Channel open 2012-12-06 18:50:06 DEBUG [novaclient.client] Using Endpoint URL: http://127.0.0.1:35357/v2.0/tokens/d954951bcba0437db5307d09da8a0224?belongsTo=db2e96b25cbf4bedbe3d456565fc9606 2012-12-06 18:50:06 DEBUG [amqplib] Closed channel #1 2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1 2012-12-06 18:50:06 DEBUG [amqplib] Channel open 2012-12-06 18:50:27 DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.5 2012-12-06 18:50:27 WARNING [heat.engine.resources.loadbalancer] Instance (WebServerGroup-1) not found: The resource could not be found. (HTTP 404) (Request-ID: req-47df1d53-296c-401f-a00a-2ff2ff3ade14) 2012-12-06 18:50:27 DEBUG [heat.engine.resources.loadbalancer] haproxy server:0.0.0.0 2012-12-06 18:50:27 DEBUG [heat.engine.resources.loadbalancer] haproxy server:192.168.0.6
I changed code as follows for now.
diff --git a/heat/ engine/ resources/ user.py b/heat/ engine/ resources/ user.py engine/ resources/ user.py engine/ resources/ user.py resource. Resource) :
try:
kp = self.keystone( ).get_ec2_ keypair( user_id) error(" Unexpected ec2 keypair, for %s access %s"
except Exception as ex:
logger. warn('could not get secret for %s Error:%s' %
(self. properties[ 'UserName' ],
str( ex))) error(" Unexpected ec2 keypair, for %s access %s" %
index d14ed46..2ab4d43 100644
--- a/heat/
+++ b/heat/
@@ -135,15 +135,15 @@ class AccessKey(
else:
+ if kp.access == self.resource_id:
+ self._secret = kp.secret
+ else:
+ logger.
+ (user_id, kp.access))
- if kp.access == self.resource_id:
- self._secret = kp.secret
- else:
- logger.
- (user_id, kp.access))
return self._secret or '000-000-000'
Though 'Authorization Failed' occurred, heat-watch set-state came to be finished normally.
(engine.log) .common. rpc.amqp] received {u'_context_roles': u'admin, KeystoneAdmin, KeystoneService Admin', u'_msg_id': u'2d58da6b2cd04 01fb80024cc8fcd bb0a', u'args': {u'state': u'ALARM', u'watch_name': u'autoscaling. MEMAlarmHigh' }, u'_context_ password' : None, u'_context_ auth_url' : u'http:// 127.0.0. 1:5000/ v2.0', u'_context_ aws_auth_ uri': u'http:// localhost: 5000/v2. 0/ec2tokens', u'_context_ service_ tenant' : u'service', u'_context_ service_ password' : u'service', u'_context_ aws_creds' : u'{"ec2Credenti als": {"access": "a79308023b3d48 a4ac6fa9b8a5c32 f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVers ion": "2", "AWSAccessKeyId": "a79308023b3d48 a4ac6fa9b8a5c32 f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12- 06T09:50: 05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling. MEMAlarmHigh" , "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/ vsJ+JG5uC26Gy2v Km6+P9ru+ /BgrEz0= ", "path": "/v1/"}}', u'_context_ service_ user': u'heat', u'_context_tenant': u'admin', u'_context_ auth_token' : '<SANITIZED>', u'_context_ is_admin' : True, u'version': u'1.0', u'_context_ tenant_ id': u'db2e96b25cbf4 bedbe3d456565fc 9606', u'method': u'set_watch_state', u'_context_ username' : None} .common. rpc.amqp] unpacked context: {'username': None, 'service_user': u'heat', 'service_tenant': u'service', 'roles': u'admin, KeystoneAdmin, KeystoneService Admin', 'aws_auth_uri': u'http:// localhost: 5000/v2. 0/ec2tokens', 'tenant_id': u'db2e96b25cbf4 bedbe3d456565fc 9606', 'auth_token': '<SANITIZED>', 'service_password': u'service', 'auth_url': u'http:// 127.0.0. 1:5000/ v2.0', 'is_admin': True, 'password': None, 'aws_creds': u'{"ec2Credenti als": {"access": "a79308023b3d48 a4ac6fa9b8a5c32 f33", "host": "127.0.0.1:8003", "verb": "GET", "params": {"SignatureVers ion": "2", "AWSAccessKeyId": "a79308023b3d48 a4ac6fa9b8a5c32 f33", "StateValue": "ALARM", "Version": "2010-08-01", "Timestamp": "2012-12- 06T09:50: 05Z", "StateReason": "", "SignatureMethod": "HmacSHA256", "AlarmName": "autoscaling. MEMAlarmHigh" , "Action": "SetAlarmState"}, "signature": "VqvXaeqgsWM/ vsJ+JG5uC26Gy2v Km6+P9ru+ /BgrEz0= ", "path": "/v1/"}}', 'tenant': u'admin'} watchrule] WATCH: stack:0f9cf00c- e921-4653- 949b-9ce222c521 80, watch_name: autoscaling. MEMAlarmHigh ALARM watchrule] Overriding state NODATA for watch autoscaling. MEMAlarmHigh with ALARM .common. rpc.amqp] Pool creating new connection resources. autoscaling] WebServerScaleU pPolicy Alarm, adjusting Group WebServerGroup by 1 resources. autoscaling] adjusting capacity from 2 to 3 resource] creating Instance "WebServerGroup-2" www.rabbitmq. com/', u'product': 'RabbitMQ', u'copyright': 'Copyright (C) 2007-2011 VMware, Inc.', u'capabilities': {}, u'platform': 'Erlang/OTP', u'version': '2.7.1'}, mechanisms: ['PLAIN', 'AMQPLAIN'], locales: ['en_US'] .client] Request returned failure status: 401 .v2_0.client] Authorization Failed. resources. user] could not get secret for autoscaling.CfnUser Error:Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401) resources. user] autoscaling. WebServerKeys. GetAtt( SecretAccessKey ) == <SANITIZED> .common. rpc.common] Connected to AMQP server on localhost:5672 127.0.0. 1:35357/ v2.0/tokens/ d954951bcba0437 db5307d09da8a02 24?belongsTo= db2e96b25cbf4be dbe3d456565fc96 06 resources. loadbalancer] haproxy server:192.168.0.5 resources. loadbalancer] Instance (WebServerGroup-1) not found: The resource could not be found. (HTTP 404) (Request-ID: req-47df1d53- 296c-401f- a00a-2ff2ff3ade 14) resources. loadbalancer] haproxy server:0.0.0.0 resources. loadbalancer] haproxy server:192.168.0.6
:
2012-12-06 18:50:06 DEBUG [heat.openstack
2012-12-06 18:50:06 DEBUG [heat.openstack
2012-12-06 18:50:06 WARNING [heat.engine.
2012-12-06 18:50:06 DEBUG [heat.engine.
2012-12-06 18:50:06 DEBUG [heat.openstack
2012-12-06 18:50:06 INFO [heat.engine.
2012-12-06 18:50:06 DEBUG [heat.engine.
2012-12-06 18:50:06 INFO [heat.engine.
2012-12-06 18:50:06 DEBUG [amqplib] Start from server, version: 8.0, properties: {u'information': 'Licensed under the MPL. See http://
2012-12-06 18:50:06 DEBUG [keystoneclient
2012-12-06 18:50:06 DEBUG [keystoneclient
2012-12-06 18:50:06 WARNING [heat.engine.
2012-12-06 18:50:06 INFO [heat.engine.
2012-12-06 18:50:06 DEBUG [amqplib] Open OK! known_hosts []
2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06 DEBUG [amqplib] Channel open
2012-12-06 18:50:06 INFO [heat.openstack
2012-12-06 18:50:06 DEBUG [amqplib] Closed channel #1
2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06 DEBUG [amqplib] Channel open
2012-12-06 18:50:06 DEBUG [novaclient.client] Using Endpoint URL: http://
2012-12-06 18:50:06 DEBUG [amqplib] Closed channel #1
2012-12-06 18:50:06 DEBUG [amqplib] using channel_id: 1
2012-12-06 18:50:06 DEBUG [amqplib] Channel open
2012-12-06 18:50:27 DEBUG [heat.engine.
2012-12-06 18:50:27 WARNING [heat.engine.
2012-12-06 18:50:27 DEBUG [heat.engine.
2012-12-06 18:50:27 DEBUG [heat.engine.