Magnum failed to create trustee

Bug #1551992 reported by Serguei Bezverkhi on 2016-03-01
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Martin Matyáš
Vikram Hosakote
Vikram Hosakote

Bug Description

Running magnum node-list and any other magnum commands returns

ERROR: Not Authorized

Also keystone log generates these messages:

2016-03-01 22:37:06.936 46 DEBUG keystone.middleware.auth [req-2518af5e-5e3b-4b9f-8c7e-a652951e80f8 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /var/lib/kolla/venv/lib/python2.7/site-packages/keystone/middleware/
2016-03-01 22:37:06.938 46 INFO keystone.common.wsgi [req-2518af5e-5e3b-4b9f-8c7e-a652951e80f8 - - - - -] POST
2016-03-01 22:37:06.939 46 WARNING keystone.common.wsgi [req-2518af5e-5e3b-4b9f-8c7e-a652951e80f8 - - - - -] Expecting to find domain in project - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

All other OpenStack services seem to be workjing fine..

Steven Dake (sdake) on 2016-03-01
summary: - After successful deployment any magnum commands return ERROR: Not
- Authorized
+ Make Magnum use Keystone v3
Changed in kolla:
status: New → Confirmed
importance: Undecided → Critical
milestone: none → mitaka-3
Steven Dake (sdake) on 2016-03-05
Changed in kolla:
milestone: mitaka-3 → mitaka-rc1
Steven Dake (sdake) on 2016-03-17
Changed in kolla:
milestone: mitaka-rc1 → mitaka-rc2
Changed in kolla:
assignee: nobody → Jeffrey Zhang (jeffrey4l)

The python-magnumclient do not support keystone v3 util 5119ee0 commit is merged[0]. But this commit is not released. I suppose the magnum team will release a new version which container this fix before the end of the Mitaka cycle.

on the other hand, Kolla can not solve such kind of issue. So I will mark this bug as invalid and waiting for the new release for python-magnumclient


Changed in kolla:
status: Confirmed → Invalid
Jeffrey Zhang (jeffrey4l) wrote :

btw, if you use the master of python-magnumclient code, this issue is not exist.

Steven Dake (sdake) wrote :

[11:43:08] <sdake> Jeffrey4l i'd like to see if you can create bays and such
[11:43:26] <Jeffrey4l> sdake, at least, when using the master code, the bug is disappeared( by using command line ).
[11:44:10] <Jeffrey4l> sdake, I am not famillar with magnum ( never use it :( ). but I will try to create some in it.
[11:49:01] jtriley (~<email address hidden>) left IRC (Ping timeout: 248 seconds)
[11:56:16] <Jeffrey4l> sdake, I can create a baymodel. But when creating bay, it raise errors "Failed to create trustee 85d1e386-51c6-4694-b702-19672fe3f129 in domain None"
[11:56:32] <Jeffrey4l> Not sure what's the root cause. Seems related to keystone v3.

Changed in kolla:
status: Invalid → Confirmed
summary: - Make Magnum use Keystone v3
+ Magnum failed to create trustee
Steven Dake (sdake) wrote :
Steven Dake (sdake) on 2016-03-22
tags: added: rc-backport-potential
Steven Dake (sdake) on 2016-03-26
Changed in kolla:
milestone: mitaka-rc2 → newton-1
tags: removed: rc-backport-potential
Siddharth Shanbhogue (sidx64) wrote :

Hey Guys,

I've got the same issue when I try to create a Mesos Bay with Magnum.

Here's my paste:

Fix proposed to branch: master

Changed in kolla:
status: Confirmed → In Progress
Steven Dake (sdake) wrote :

At this point if magnum isn't working - we may just have to ship with it broken and release note it. i can't see the fix proposed in #6 because gerrit is offline so unsure on status of this bug.

Changed in kolla:
importance: Critical → Low
Jeffrey Zhang (jeffrey4l) wrote :


the magnum should work now. In Kolla, more works is needed. But i have no
time to do this now. I have list all the TODO work in the gerrit

I will appreciate that if anyone could take over this.

Steven Dake (sdake) on 2016-04-15
Changed in kolla:
importance: Low → High
Steven Dake (sdake) on 2016-04-16
Changed in kolla:
importance: High → Critical
assignee: Jeffrey Zhang (jeffrey4l) → nobody

Related fix proposed to branch: stable/mitaka

Submitter: Jenkins
Branch: master

commit ba30579b3b3e69536f5bd59e57d39ed4b63a2dd6
Author: Daneyon Hansen <email address hidden>
Date: Tue May 10 20:26:58 2016 +0000

    Adds Neutron LBaaS Support

    Previously, kolla did not support neutron lbaas functionality.
    Only Lbaasv2 is supported in Mitaka. Additional information can
    be found here:
    Magnum uses Neutron Lbaas to provide high availability to COE API
    and Etcd endpoints within a bay. Therefore, Neutron Lbaas is required
    for Kolla to support Magnum.

    Co-Authored-By: Serguei Bezverkhi <email address hidden>
    Partial-Bug: #1551992

    Change-Id: I05360b7c447c601fcb3c2b6b2a913ef5cc0f3a1b

Changed in kolla:
assignee: nobody → Vikram Hosakote (vhosakot)
Vikram Hosakote (vhosakot) wrote :

Change abandoned by Steven Dake (<email address hidden>) on branch: master
Reason: Abaonded in favor of a full implementation here:

Changed in kolla:
milestone: newton-1 → newton-2
Changed in kolla:
milestone: newton-2 → newton-3
Changed in kolla:
milestone: newton-3 → newton-rc1

Change abandoned by Mauricio Lima (<email address hidden>) on branch: stable/mitaka
Reason: no activity in 4 months

Changed in kolla:
milestone: newton-rc1 → newton-rc2
Changed in kolla:
assignee: Vikram Hosakote (vhosakot) → zhubingbing (zhubingbing)
Changed in kolla:
assignee: zhubingbing (zhubingbing) → Martin Matyáš (martinx-maty)

Submitter: Jenkins
Branch: master

commit 3c45625197e6adfe76cbd37c68673d2aba13f141
Author: Vikram Hosakote <email address hidden>
Date: Mon Jun 6 21:24:24 2016 +0000

    Fix Magnum trustee issues

    This patch set fixes all Magnum issues in kolla master.

    The [trust] section set to magnum.conf
    using created trustee domain and user for Magnum
    in ansible/roles/magnum/tasks/register.yml using ansible
    openstack modules.

    Bump shade to 1.5.0 in kolla-toolbox because of
    os_user_role ansible module dependency.

    Certificate storage is changed from 'local' (non-production)
    to magnum's internal storage (x509keypair) or barbican.

    Co-Authored-By: Martin Matyas <email address hidden>
    Change-Id: Ifcb016c0bc4c8c3fc20e063fa05dc8838aae838c
    Closes-Bug: #1551992

Changed in kolla:
status: In Progress → Fix Released

This issue was fixed in the openstack/kolla release candidate.

Change abandoned by Dave Walker (<email address hidden>) on branch: stable/mitaka
Reason: Not touched in nearly a year, assuming this to be Abandoned. (Especially as we need it to hit Master first and then backported)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers