OpenStack Identity (keystone)

  1. Bug #1362678
  2. Comment #12

Comment 12 for bug 1362678

Revision history for this message
Marcus Klein (kleini76) wrote :

Debug output of keystone shows this:

2015-01-02 15:27:10.982 32587 INFO eventlet.wsgi.server [-] 10.20.31.200 - - [02/Jan/2015 15:27:10] "POST /v3/auth/tokens HTTP/1.1" 201 5793 0.705210
2015-01-02 15:27:11.140 32588 DEBUG oslo.db.sqlalchemy.session [-] MySQL server mode set to STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DI
VISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION _init_events /usr/lib/python2.7/dist-packages/oslo/db/sqlalchemy/session.py:461
2015-01-02 15:27:11.177 32588 DEBUG keystone.common.kvs.core [-] KVS lock acquired for: os-revoke-events acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.
py:380
2015-01-02 15:27:11.178 32588 DEBUG keystone.common.kvs.core [-] KVS lock released for: os-revoke-events release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.
py:399
2015-01-02 15:27:11.179 32588 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'marcus.klein', 'rol
es': [u'_member_', u'heat_stack_owner'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=pB4hldcUTdaBZEzVz3VznQ, audit_chain
_id=pB4hldcUTdaBZEzVz3VznQ) at 0x7f19dc013990>, 'project_id': u'8d04de0a40cc4419aed0d33a8d5e8eee', 'trust_id': None} process_request /usr/lib/python2.7/dist-packages/keyst
one/middleware/core.py:280
2015-01-02 15:27:11.229 32588 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191
2015-01-02 15:27:11.230 32588 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:create_trust(trust={u'impersonation': True, u'project_id': u'8d04de0a40cc4419
aed0d33a8d5e8eee', u'trustor_user_id': u'marcus.klein', u'roles': [{u'name': u'heat_stack_owner'}], u'trustee_user_id': u'heat'}) _build_policy_check_credentials /usr/lib/
python2.7/dist-packages/keystone/common/controller.py:55
2015-01-02 15:27:11.230 32588 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /usr/lib/python2.7
/dist-packages/keystone/common/controller.py:60
2015-01-02 15:27:11.232 32588 DEBUG keystone.policy.backends.rules [-] enforce identity:create_trust: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'ma
rcus.klein', 'roles': [u'_member_', u'heat_stack_owner'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=pB4hldcUTdaBZEzVz3
VznQ, audit_chain_id=pB4hldcUTdaBZEzVz3VznQ) at 0x7f19dc013990>, 'project_id': u'8d04de0a40cc4419aed0d33a8d5e8eee', 'trust_id': None} enforce /usr/lib/python2.7/dist-packa
ges/keystone/policy/backends/rules.py:100
2015-01-02 15:27:11.238 32588 DEBUG keystone.common.controller [-] RBAC: Authorization granted inner /usr/lib/python2.7/dist-packages/keystone/common/controller.py:155
2015-01-02 15:27:11.241 32588 WARNING keystone.common.wsgi [-] Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'.

Do you have any hints how to solve this problem? The Heat component is now pretty useless after upgrading to Juno for us.