OpenStack Heat

Resource group with a nested wait condition handle fails on create

Bug #1402894 reported by Miguel Grinberg
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
Miguel Grinberg
OpenStack Heat 2015.1.0 "kilo"
Juno
Fix Released
High
Steven Hardy
OpenStack Heat 2014.2.4

Bug Description

I'm launching a template that includes a ResourceGroup that points to a nested template. The nested template includes a wait condition handle resource, among other things. If the name of the wait condition handle resource is too long, then the creation of the resource group fails.

The log points out the problem clearly:

2014-12-16 02:51:34.276 WARNING heat.common.keystoneclient [-] Truncating the username blah3-cluster-d3wjowmze6mh-1-arutohsvjpqb-wait_condition_handle-coov3oce6jhx to the last 64 characters.

...

2014-12-16 02:51:34.381 INFO heat.engine.resource [-] CREATE: HeatWaitConditionHandle "wait_condition_handle" [f8d5816146344bcba8e2539f09a73da1] Stack "blah3-cluster-d3wjowmze6mh-1-arutohsvjpqb" [63b36781-7287-482c-ae30-196d86da0433]
2014-12-16 02:51:34.381 TRACE heat.engine.resource Traceback (most recent call last):
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/resource.py", line 459, in _action_recorder
2014-12-16 02:51:34.381 TRACE heat.engine.resource yield
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/resource.py", line 529, in _do_action
2014-12-16 02:51:34.381 TRACE heat.engine.resource yield self.action_handler_task(action, args=handler_args)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/scheduler.py", line 295, in wrapper
2014-12-16 02:51:34.381 TRACE heat.engine.resource step = next(subtask)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/resource.py", line 500, in action_handler_task
2014-12-16 02:51:34.381 TRACE heat.engine.resource handler_data = handler(*args)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/resources/wait_condition.py", line 149, in handle_create
2014-12-16 02:51:34.381 TRACE heat.engine.resource token = self._user_token()
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/engine/stack_user.py", line 66, in _user_token
2014-12-16 02:51:34.381 TRACE heat.engine.resource project_id=project_id, password=password)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/opt/stack/heat/heat/common/heat_keystoneclient.py", line 408, in stack_domain_user_token
2014-12-16 02:51:34.381 TRACE heat.engine.resource authenticated=False)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/keystoneclient/session.py", line 438, in post
2014-12-16 02:51:34.381 TRACE heat.engine.resource return self.request(url, 'POST', **kwargs)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner
2014-12-16 02:51:34.381 TRACE heat.engine.resource return func(*args, **kwargs)
2014-12-16 02:51:34.381 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/keystoneclient/session.py", line 354, in request
2014-12-16 02:51:34.381 TRACE heat.engine.resource raise exceptions.from_response(resp, method, url)
2014-12-16 02:51:34.381 TRACE heat.engine.resource Unauthorized: Could not find user: blah3-cluster-d3wjowmze6mh-1-arutohsvjpqb-wait_condition_handle-coov3oce6jhx (Disable debug mode to suppress these details.) (HTTP 401)

Revision history for this message
Miguel Grinberg (miguelgrinberg) wrote :

Reproduction templates:

slave.yaml:

heat_template_version: 2013-05-23

resources:
  wait_condition:
    type: OS::Heat::WaitCondition
    properties:
      handle: { get_resource: wait_handle }
      count: 1
      timeout: 600

  wait_handle:
    type: OS::Heat::WaitConditionHandle

master.yaml:

heat_template_version: 2013-05-23

resources:
  cluster:
    type: OS::Heat::ResourceGroup
    properties:
      count: 2
      resource_def:
        type: slave.yaml

To reproduce, just run: heat stack-create test -f master.yaml

Changed in heat:
assignee: nobody → Miguel Grinberg (miguelgrinberg)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/142005

Changed in heat:
status: New → In Progress
Angus Salkeld (asalkeld)
Changed in heat:
importance: Undecided → Medium
milestone: none → kilo-2
Steven Hardy (shardy)
tags: added: juno-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to heat (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/146429

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: master
Review: https://review.openstack.org/146439

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on heat (master)

Change abandoned by Steven Hardy (<email address hidden>) on branch: master
Review: https://review.openstack.org/146429

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/142005
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=0ba4dacbe292a182ac4ccd69f1133aa6cdba8045
Submitter: Jenkins
Branch: master

commit 0ba4dacbe292a182ac4ccd69f1133aa6cdba8045
Author: Miguel Grinberg <email address hidden>
Date: Tue Dec 16 06:45:22 2014 +0000

    Authenticate the domain user with id instead of username

    This change makes the authentication process that requests a domain user
    token provide user_id and password instead of username and password.
    Authenticating with the user_id is more reliable, as that works even when
    the username is truncated or modified in any other way before it is passed
    to Keystone.

    Change-Id: I7b2897c2be1e4ad7f55549449b1791991572a7f1
    Closes-bug: 1402894

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: kilo-2 → 2015.1.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/182446

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (stable/juno)

Reviewed: https://review.openstack.org/182446
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=85edaa45576e0b691e6593c3ffb01ca4a64b2641
Submitter: Jenkins
Branch: stable/juno

commit 85edaa45576e0b691e6593c3ffb01ca4a64b2641
Author: Miguel Grinberg <email address hidden>
Date: Tue Dec 16 06:45:22 2014 +0000

    Authenticate the domain user with id instead of username

    This change makes the authentication process that requests a domain user
    token provide user_id and password instead of username and password.
    Authenticating with the user_id is more reliable, as that works even when
    the username is truncated or modified in any other way before it is passed
    to Keystone.

    Conflicts:
     heat/common/heat_keystoneclient.py

    Change-Id: I7b2897c2be1e4ad7f55549449b1791991572a7f1
    Closes-bug: 1402894
    (cherry picked from commit 0ba4dacbe292a182ac4ccd69f1133aa6cdba8045)

Zane Bitter (zaneb)
tags: added: in-stable-juno
removed: juno-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on heat (master)

Change abandoned by Steven Hardy (<email address hidden>) on branch: master
Review: https://review.openstack.org/146439

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.