containers: contrail-api can't authenticate if keystone has only v3 protocol

Bug #1706422 reported by Andrey Pavlov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R4.0
Fix Committed
Critical
Ignatious Johnson Christopher
Trunk
Fix Committed
Critical
Ignatious Johnson Christopher

Bug Description

from github: https://github.com/Juniper/contrail-charms/issues/1

contrail-api can't authenticate in keystone:

vnc_openstack.err

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/__init__.py", line 724, in _resync_domains_projects_forever
    vnc_domains = self._vnc_lib.domains_list()['domains']
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 41, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 626, in _objects_list
    detail=detail, count=count, filters=filters, shared=shared)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 41, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 1312, in resource_list
    rest.OP_GET, obj_class.create_uri, data=query_params)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 861, in _request_server
    retry_after_authn=retry_after_authn, retry_count=retry_count)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 931, in _request
    self._headers = self._authenticate(content, self._headers)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 725, in _authenticate
    raise RuntimeError('Authentication Failure')
RuntimeError: Authentication Failure

/etc/contrail/vnc_api_lib.ini

[global]
WEB_SERVER = 172.31.13.46
WEB_PORT = 8082

BASE_URL = /
;BASE_URL = /tenants/infra ; common-prefix for all URLs

; Authentication settings (optional)
[auth]
AUTHN_TYPE = keystone
AUTHN_PROTOCOL = http
AUTHN_SERVER = 13.58.57.227
AUTHN_PORT = 35357
AUTHN_URL = /v3/auth/tokens
;AUTHN_TOKEN_URL = http://127.0.0.1:35357/v2.0/tokens

Revision history for this message
Andrey Pavlov (apavlov-e) wrote :

contrail-keystone-auth.conf

[KEYSTONE]
auth_url=http://13.58.57.227:35357/v3
auth_host=13.58.57.227
auth_protocol=http
auth_port=35357
admin_user=admin
admin_password=password
admin_tenant_name=admin
memcache_servers=127.0.0.1:11211
;insecure=False
;certfile=/etc/contrail/ssl/certs/keystone.pem
;keyfile=/etc/contrail/ssl/certs/keystone.pem
;cafile=/etc/contrail/ssl/certs/keystone_ca.pem

Rudra Rugge (rrugge)
Changed in juniperopenstack:
assignee: nobody → Sachin Bansal (sbansal)
information type: Proprietary → Public
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/34247
Submitter: Senthilnathan Murugappan (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/34292
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/34247
Committed: http://github.com/Juniper/contrail-controller/commit/b6ff0d9b690369651b8525b77dc0960bf6b240eb
Submitter: Zuul (<email address hidden>)
Branch: master

commit b6ff0d9b690369651b8525b77dc0960bf6b240eb
Author: Senthilnathan Murugappan <email address hidden>
Date: Wed Aug 2 10:50:31 2017 -0700

Changes to support keystone service with v3 support alone

Change-Id: I6526afa69c84d44064aefad83f6ba495b7181671
Partial-Bug:#1706422

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/34292
Committed: http://github.com/Juniper/contrail-controller/commit/126eac836016f2e355e31824b997570c3071d422
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 126eac836016f2e355e31824b997570c3071d422
Author: Senthilnathan Murugappan <email address hidden>
Date: Wed Aug 2 10:50:31 2017 -0700

Changes to support keystone service with v3 support alone

Change-Id: I6526afa69c84d44064aefad83f6ba495b7181671
Partial-Bug:#1706422

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/35075
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/35076
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/35077
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/35078
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/35076
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/35078
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/35075
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/35077
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/35078
Committed: http://github.com/Juniper/contrail-ansible-internal/commit/111a962503b6c7bf17318a4a2c72e9076db2da21
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 111a962503b6c7bf17318a4a2c72e9076db2da21
Author: Ignatious Johnson Christopher <email address hidden>
Date: Tue Aug 29 21:28:15 2017 -0700

populating user/project domain name when using

keystone v3.

Change-Id: I61c805f3f490c748c1f1547f438a5f53447e8364
Closes-Bug: 1706422

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/35077
Committed: http://github.com/Juniper/contrail-docker/commit/478c266b17a0ceab9d6fdcc64bfc7a3e90144030
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 478c266b17a0ceab9d6fdcc64bfc7a3e90144030
Author: Ignatious Johnson Christopher <email address hidden>
Date: Tue Aug 29 21:19:22 2017 -0700

schema chnages to consider domain related params

for using keystone v3.

Change-Id: Ifd739a18635f21ab21adb6d8ecafd175e85d4c15
closes-Bug: 1706422

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/35076
Committed: http://github.com/Juniper/contrail-ansible-internal/commit/f00b75ee72a421e1bed468399a4b983f7e788371
Submitter: Zuul (<email address hidden>)
Branch: master

commit f00b75ee72a421e1bed468399a4b983f7e788371
Author: Ignatious Johnson Christopher <email address hidden>
Date: Tue Aug 29 21:28:15 2017 -0700

populating user/project domain name when using

keystone v3.

Change-Id: I61c805f3f490c748c1f1547f438a5f53447e8364
Closes-Bug: 1706422

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/35075
Committed: http://github.com/Juniper/contrail-docker/commit/f1203039860bb7961b7f8d667d376cc3b5627304
Submitter: Zuul (<email address hidden>)
Branch: master

commit f1203039860bb7961b7f8d667d376cc3b5627304
Author: Ignatious Johnson Christopher <email address hidden>
Date: Tue Aug 29 21:19:22 2017 -0700

schema chnages to consider domain related params

for using keystone v3.

Change-Id: Ifd739a18635f21ab21adb6d8ecafd175e85d4c15
closes-Bug: 1706422

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.