Mitaka support for Contrail

Bug #1578495 reported by Jakub Pavlik
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)
R3.0: Status In Progress; Importance Undecided; Assigned to Jakub Pavlik
Trunk: Status Fix Committed; Importance Undecided; Assigned to Jakub Pavlik

Bug Description

There are two parts for Mitaka support:

1) contrail-api - syncing with Keystone projects. It already supports v3, but it cannot start due to the following error:

Traceback (most recent call last):
  File "/usr/bin/contrail-api", line 9, in <module>
    load_entry_point('vnc-cfg-api-server==0.1dev', 'console_scripts', 'contrail-api')()
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 3194, in server_main
    main()
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 3153, in main
    vnc_api_server = VncApiServer(args_str)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 1397, in __init__
    self._pipe_start_app = auth_svc.get_middleware_app()
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_auth_keystone.py", line 222, in get_middleware_app
    self._auth_token = auth_middleware.get_admin_token()
AttributeError: 'AuthProtocol' object has no attribute 'get_admin_token'

https://github.com/Juniper/contrail-controller/blob/master/src/config/api-server/vnc_auth_keystone.py#L194

I found that in Juno the keystone middleware from python-keystoneclient was deprecated and replaced by keystonemiddleware. In Mitaka they removed the middleware in commit 646350c1d6dcd02c4dd939a220e231eedff5b055.

Keystonemiddleware is already imported, but then I found that get_admin_token auth was deprecated by this commit: https://github.com/openstack/keystonemiddleware/commit/913fd8ef67a277d37154797df60e98103eb3ddd2

Therefore this method in vnc_auth_keystone.py must be updated.

2) neutron-plugin-contrail - Until Mitaka you could use variables like these in neutron.conf:

[keystone_authtoken]
identity_uri = http://172.16.20.254:5000
auth_host = 172.16.20.254
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = password
auth_uri=http://172.16.20.254:5000
auth_url=http://172.16.20.254:35357
auth_region=RegionOne

but from Mitaka there must be:

[keystone_authtoken]
revocation_cache_time = 10
signing_dir=/tmp/keystone-signing-nova
auth_type = password
user_domain_id = default
project_domain_id = default
project_name = service
username = neutron
password = password
auth_uri=http://172.16.20.254:5000
auth_url=http://172.16.20.254:35357

This cannot work, because the neutron contrail plugin has hardcoded v2.0 auth, so it must be modified to the v3 option.
https://github.com/Juniper/contrail-neutron-plugin/blob/master/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py#L97
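
Added example, not part of the original report or of the Contrail plugin: a small converter that applies the option changes visible between the two [keystone_authtoken] samples above. The function name, the mapping tables and the embedded input are assumptions read off those samples; the domain ids are the sample's values, not universal defaults.

```python
import configparser

# Legacy -> Mitaka option names, read off the two neutron.conf samples in the report.
RENAMED = {"admin_user": "username", "admin_password": "password",
           "admin_tenant_name": "project_name"}
# Legacy options absent from the report's Mitaka sample (auth_url carries the endpoint).
DROPPED = ("identity_uri", "auth_host", "auth_port", "auth_protocol", "auth_region")
# Options the Mitaka sample adds; the domain ids are that sample's values (assumption).
ADDED = {"auth_type": "password", "user_domain_id": "default",
         "project_domain_id": "default"}
SECTION = "keystone_authtoken"

# Constructed input: a subset of the report's pre-Mitaka sample, without auth_url.
LEGACY_SAMPLE = """\
[keystone_authtoken]
auth_host = 172.16.20.254
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = password
"""


def migrate_authtoken(conf_text):
    """Return (new_options, findings) for the [keystone_authtoken] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    old = dict(parser.items(SECTION))  # raises NoSectionError if the section is missing
    new, findings = {}, []
    for key, value in old.items():
        if key in RENAMED:
            new[RENAMED[key]] = value
            findings.append("rename %s -> %s" % (key, RENAMED[key]))
        elif key in DROPPED:
            findings.append("drop %s" % key)
        else:
            new[key] = value  # options not named in either sample pass through unchanged
    if "auth_url" not in new:
        # No auth_url given: rebuild it from the split legacy endpoint options.
        try:
            new["auth_url"] = "%(auth_protocol)s://%(auth_host)s:%(auth_port)s" % old
        except KeyError as exc:
            raise ValueError("cannot derive auth_url, missing %s" % exc)
        findings.append("derive auth_url")
    for key in sorted(k for k in ADDED if k not in new):
        new[key] = ADDED[key]
        findings.append("add %s" % key)
    return new, findings
```

Calling migrate_authtoken(LEGACY_SAMPLE) returns the converted options together with a list of findings that names every renamed, dropped, derived and added option.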

information type: Proprietary → Public
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19920
Submitter: Jakub Pavlik (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/19941
Submitter: Jakub Pavlik (<email address hidden>)

Jakub Pavlik (pavlk-jakub) wrote :

Still getting this because of SSL there https://github.com/Juniper/contrail-neutron-plugin/commit/67eee86bd50f80b6d8dfca7a323f433ec3563437

2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 341, in index
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource return self._items(request, True, parent_id)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 267, in _items
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource obj_list = obj_getter(request.context, **kwargs)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 394, in get_networks
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource fields)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 344, in _list_resource
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource res_type, 'READALL')
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 213, in _request_backend
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource response = self._relay_request(url_path, data=data)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 206, in _relay_request
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource url, data=data, headers={'Content-type': 'application/json'})
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 195, in _request_api_server_authn
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource response = self._request_api_server(url, data, headers=authn_headers)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/plugins/opencontrail/contrail_plugin.py", line 172, in _request_api_server
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource headers={'Content-type': 'application/json'})
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/requests/api.py", line 107, in post
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource return request('post', url, data=data, json=json, **kwargs)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource return session.request(method=method, url=url, **kwargs)
2016-05-06 00:23:07.980 25818 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
...


Jakub Pavlik (pavlk-jakub) wrote :

Workaround is to set contrail-api.conf multi_tenancy=false

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19920
Committed: http://github.org/Juniper/contrail-controller/commit/e0c0f8b7fafb940e66f7500ae57750e9edb925af
Submitter: Zuul
Branch: master

commit e0c0f8b7fafb940e66f7500ae57750e9edb925af
Author: Jakub Pavlik <email address hidden>
Date: Wed May 4 22:40:21 2016 -0700

Mitaka support for contrail-api compatible with new keystonemiddleware

Closes-Bug: 1578495
Change-Id: I65d38e8e0e6f02b58a6504e60e4fd7be7e3c87b8

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19941
Committed: http://github.org/Juniper/contrail-neutron-plugin/commit/53a815c068b2ada2ccc96b59cebe9b55bd03db8a
Submitter: Zuul
Branch: master

commit 53a815c068b2ada2ccc96b59cebe9b55bd03db8a
Author: Jakub Pavlik <email address hidden>
Date: Thu May 5 12:56:01 2016 -0700

Support for mitaka neutron quotas

Closes-Bug: #1578495
Change-Id: Id7c5dc4d26465039ffc9cdc81df65797d613bb25

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19992
Submitter: Jakub Pavlik (<email address hidden>)
