OpenStack Identity (keystone)

using templated catalog causes issues creating/listing new services/endpoints

Bug #1269789 reported by Darren Birkett
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
David Stanek
OpenStack Identity (keystone) mitaka-3 "m3"

Bug Description

This is an issue in HAVANA

We are using a templated catalog for the initial list of services and endpoints, which works fine.

Trying to add a service works, but the following behaviour is observed with various keystoneclient commands:

keystone catalog:
= only the list of services from the template is shown

keystone service-list:
= only the manually added service is shown

keystone endpoint-list:
= only the manually added endpoints (for the manually created service) are shown

keystone endpoint-get --service <my manually added service>
"publicURL endpoint for <my manually added service> not found"

keystone endpoint-get --service <a service from the templated catalog>
= publicurl is shown

Revision history for this message
ZhiQiang Fan (aji-zqfan) wrote :

IMHO, this is the expected behaviour since you're using static catalog.

Revision history for this message
Dolph Mathews (dolph) wrote :

ZhiQiang Fan: I agree with the general notion, but if you dig into the details of this behavior, it's far from expected.

At minimum, it's poor user feedback. When using the templated backend, two "catalogs" are stored in memory-- one that supports basic read/write, and one that is actually used to build the token catalog. Looking at the implementation, I think the templated catalog should be loaded into the KVS backend, and the KVS backend should be used to render the catalog.

Unfortunately, the scope of effort required to "fix" this wanders into blueprint / new features territory so I don't think it would be backportable to havana. "Fixing" this may also be dependent on https://blueprints.launchpad.net/keystone/+spec/dogpile-kvs-backends (which is re-writing the KVS driver).

Changed in keystone:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
ZhiQiang Fan (aji-zqfan) wrote :

I agree it can be a minor new feature other than a bug fix

the static catalog is meant to have no dynamic cli management ability, if not, how could it be static

Morgan Fainberg (mdrnstm)
tags: removed: havana-backport-potential
Revision history for this message
Dolph Mathews (dolph) wrote :

ZhiQiang Fan: I disagree, in that the static bit is useful primarily for seeding keystone with data on startup. I don't see any reason to deny R/W operations at runtime (although, we currently do). +1 for it being a minor new feature, however!

Ning Sun (ning-sun)
Changed in keystone:
assignee: nobody → Ning Sun (ning-sun)
Revision history for this message
Ning Sun (ning-sun) wrote :

is this bug fixed in Kilo?

Revision history for this message
David Stanek (dstanek) wrote :

This is not fixed and I am tempted to mark it as WONTFIX. I had a patch to fix the feedback problem and actually give the user an error if they tried to do any write operation. I'll have to find that and revive it.

Is there a real usecase for this outside of development? I have two issues will adding write support. The first is that we'll either have to persist it to another file somewhere or it goes away. The second is that the written changes will only apply to the keystone instance that handled the API call. If there are multiple keystone instances in a cluster then the user would have to hit each one. It seems to me that this will likely lead to an inconsistent catalog in real deployments.

Changed in keystone:
importance: Medium → Low
Ning Sun (ning-sun)
Changed in keystone:
assignee: Ning Sun (ning-sun) → nobody
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: nobody → David Stanek (dstanek)
status: Confirmed → In Progress
Steve Martinelli (stevemar)
Changed in keystone:
milestone: none → mitaka-2
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: David Stanek (dstanek) → Dave Chen (wei-d-chen)
Steve Martinelli (stevemar)
Changed in keystone:
assignee: Dave Chen (wei-d-chen) → David Stanek (dstanek)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: David Stanek (dstanek) → Steve Martinelli (stevemar)
Steve Martinelli (stevemar)
Changed in keystone:
assignee: Steve Martinelli (stevemar) → David Stanek (dstanek)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/158442
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b1b4350017c8e0177193b3b013c3d9c9f9b9d23a
Submitter: Jenkins
Branch: master

commit b1b4350017c8e0177193b3b013c3d9c9f9b9d23a
Author: David Stanek <email address hidden>
Date: Tue Feb 17 19:05:56 2015 +0000

    Removes KVS catalog backend

    The templated backend relied on the KVS backend to implement some
    functionality. The functionality (CRUD for endpoint, services, etc.) is
    arguably incorrect since it won't actually change the contents of the
    catalog. The read only methods have been fixed to use the templated data
    and the write methods raise NotImplemented.

    bp: removed-as-of-mitaka
    Partial-Bug: #1077282
    Closes-Bug: #1367113
    Closes-Bug: #1269789
    Change-Id: Iaa68b18f0b6d7e9f5dc0cbf7d21a3d90dcdc1ea4

Changed in keystone:
status: In Progress → Fix Released
Steve Martinelli (stevemar)
Changed in keystone:
milestone: mitaka-2 → mitaka-3
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b3

This issue was fixed in the openstack/keystone 9.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.