Usage of internal URL in clouds.yaml causes a 404

Bug #1733052 reported by Tobias Brox on 2017-11-18
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
keystoneauth
High
wangxiyuan

Bug Description

auth_url was set to the internal URL (port 5000 on the controller node), this works fine on openstack version 2.3.1 and 3.8.1, but not on 3.12.0:

    # openstack --os-cloud cloud-admin project list
    +----------------------------------+-----------+
    | ID | Name |
    +----------------------------------+-----------+
    (...)
    # grep auth /etc/openstack/clouds.yaml
        auth:
          auth_url: https://ctrl-test.iaas.h.bitbit.net:5000
        auth:
          auth_url: https://ctrl-test.iaas.h.bitbit.net:5000
    # openstack --version
    openstack 3.8.1

vs

    $ openstack --version
    openstack 3.12.0

    $ grep auth_url clouds.yaml
          auth_url: https://ctrl-test.iaas.h.bitbit.net:5000

    $ openstack --os-cloud=stage-cloud-admin project list
    The resource could not be found. (HTTP 404)

Now, if I change the auth_url to https://iaas-test.redpill-linpro.com/api/identity/v3/ it works fine. One could probably argue that the bug is in my configuration and not in openstack, but still, I think we have a real bug here.

I was digging quite a bit, and found this ...

    (Pdb) bt
      /usr/bin/openstack(10)<module>()
    -> sys.exit(main())
      /usr/lib/python3.6/site-packages/openstackclient/shell.py(213)main()
    -> return OpenStackShell().run(argv)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(134)run()
    -> ret_val = super(OpenStackShell, self).run(argv)
      /usr/lib/python3.6/site-packages/cliff/app.py(279)run()
    -> result = self.run_subcommand(remainder)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(169)run_subcommand()
    -> ret_value = super(OpenStackShell, self).run_subcommand(argv)
      /usr/lib/python3.6/site-packages/cliff/app.py(393)run_subcommand()
    -> self.prepare_to_run_command(cmd)
      /usr/lib/python3.6/site-packages/openstackclient/shell.py(200)prepare_to_run_command()
    -> return super(OpenStackShell, self).prepare_to_run_command(cmd)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(437)prepare_to_run_command()
    -> self.client_manager.auth_ref
      /usr/lib/python3.6/site-packages/openstackclient/common/clientmanager.py(99)auth_ref()
    -> return super(ClientManager, self).auth_ref
      /usr/lib/python3.6/site-packages/osc_lib/clientmanager.py(239)auth_ref()
    -> self._auth_ref = self.auth.get_auth_ref(self.session)
      /usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py(197)get_auth_ref()
    -> self._plugin = self._do_create_plugin(session)
      /usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py(134)_do_create_plugin()
    -> disc = self.get_discovery(session,
    > /usr/lib/python3.6/site-packages/keystoneauth1/discover.py(515)version_data()
    -> url = _combine_relative_url(self._url, link['href'])
    (Pdb) _combine_relative_url(self._url, link['href'])
    'https://ctrl-test.iaas.h.bitbit.net:5000/api/identity/v3/'

(line numbers may be a bit off, I threw in some extra debug statements into the code)

https://ctrl-test.iaas.h.bitbit.net:5000/api/identity/v3/ is an invalid URL and returns 404.

s10 (vlad-esten) wrote :

This bug exists since keystoneauth version 3.2.0 (Queens). It was introduced in commit https://github.com/openstack/keystoneauth/commit/8b8ff830e89923ca6862362a5d16e496a0c0093c

s10 (vlad-esten) wrote :

To reproduce this bug, variable public_endpoint in keystone.conf should be set, so all links in version discovery of the internal endpoint will point to the public url href.

s10 (vlad-esten) on 2018-05-20
Changed in keystoneauth:
status: New → Confirmed
Changed in keystoneauth:
status: Confirmed → Triaged
importance: Undecided → High
wangxiyuan (wangxiyuan) on 2018-07-17
Changed in keystoneauth:
assignee: nobody → wangxiyuan (wangxiyuan)

Fix proposed to branch: master
Review: https://review.openstack.org/583215

Changed in keystoneauth:
status: Triaged → In Progress
Changed in keystoneauth:
assignee: wangxiyuan (wangxiyuan) → Adam Young (ayoung)
Changed in keystoneauth:
assignee: Adam Young (ayoung) → wangxiyuan (wangxiyuan)

Reviewed: https://review.openstack.org/583215
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=323f4e4bc4710d42e493eb56e40ba139a84d67b3
Submitter: Zuul
Branch: master

commit 323f4e4bc4710d42e493eb56e40ba139a84d67b3
Author: wangxiyuan <email address hidden>
Date: Tue Jul 17 19:43:21 2018 +0800

    Add netloc and version check for version discovery

    If the url netloc in the catalog and service's response
    are not the same, we should choose the catalog's and
    add the version info to it if needed.

    Change-Id: If78d368bd505156a5416bb9cbfaf988204925c79
    Closes-bug: #1733052

Changed in keystoneauth:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystoneauth 3.10.0 release.

Reviewed: https://review.openstack.org/584053
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=2cc2b039b79a6c4a9550b8568a490d0673d0b545
Submitter: Zuul
Branch: stable/queens

commit 2cc2b039b79a6c4a9550b8568a490d0673d0b545
Author: Vlad Gusev <email address hidden>
Date: Thu Jul 19 21:00:08 2018 +0300

    Add netloc and version check for version discovery

    If the url netloc in the catalog and service's response
    are not the same, we should choose the catalog's and
    add the version info to it if needed.

    Conflict and change in test is caused by I93ee971125bc0c7a497e1fb839df38ebd38340e1,
    I07a602a05f896d7cc70120bd89424e3c553baf9f and Icf855d7892335b093c1083cd0106946d8911010d

    Change-Id: If78d368bd505156a5416bb9cbfaf988204925c79
    Closes-bug: #1733052
    (cherry picked from commit 323f4e4bc4710d42e493eb56e40ba139a84d67b3)

tags: added: in-stable-queens
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers