Problem Description
===================
The 'Projects' dropdown in our Horizon dashboard (the one on the top
left) is empty since we switched to Openstack Kilo. We investigated the
issue and found the following error message in horizon.log:
AuthorizationFailure: Authorization Failed: The resource could not be found. (HTTP 404) http://10.0.81.10:5000
[You will find a full stack trace in stacktrace.txt in the attached
tarball.]
Further investigation (see keystone.pcap in the attached tarball for a
packet trace) revealed that horizon is trying to access
http://10.0.81.10:5000/tokens (as opposed to the correct URL,
http://10.0.81.10:5000/v2.0/tokens). We found the problem could be
worked around by appending missing versioning information in backend.py
(see below), but it should be possible to fix this in a cleaner manner.
Environment
===========
We are running Openstack Kilo with the Ubuntu Cloud packages, some of
them modified locally with backported bugfixes. You will find these
packages at https://launchpad.net/~syseleven-platform/+archive/ubuntu/kilo.
In particular, we are running the following Horizon package:
https://launchpad.net/~syseleven-platform/+archive/ubuntu/kilo
Configuration
=============
You will find our full Horizon configuration in local_settings.py in the
attached tarball. Relevant points:
* OPENSTACK_KEYSTONE_URL is http://10.0.81.10:5000/v2.0
* OPENSTACK_API_VERSIONS is configured for Keystone 2.0
* The identity endpoints as reported by Keystone itself do not contain
versioning information (the way it is supposed to be as of Kilo).
Steps to reproduce
==================
* Run Horizon/Kilo (with the Ubuntu Cloud packages or our modified
packages; both should exhibit this problem)
* Configure the end points and OPENSTACK_KEYSTONE_URL as described under
"Configuration"
* Log into the web interface.
This should yield an empty Projects dropdown list and the stacktrace in
stacktrace.txt in /var/log/horizon/horizon.log).
Workaround
==========
I modified /usr/lib/python2.7/dist-packages/openstack_auth/backend.py to
append versioning information to the endpoint URL if it is missing. This
can be used to work around the problem in a pinch, but I do not consider
it a clean fix.
Files
=====
I attached a couple of files to illustrate the problem (you will find
all of these in horizon-projects-dropdown.tar):
backend.py The modified backend.py described under "Workaround"
endpoints.txt A list of identity endpoints as reported by Keystone
keystone.pcap A packet capture of Horizon's interactions with
Keystone
local_settings.py Our Horizon configuration
stacktrace.txt The stack trace that appears in
/var/log/horizon/horizon.log
We figured out that this line is the problem:
https:/
It is unchanged from Juno, which means it breaks in the versionless endpoint environment introduced with Kilo. I hacked up a slightly better fix than the workaround up there, but I'm unsure where/how to submit it for review (since it is a change to django_