Mistral

Wrong keystone_authtoken middleware configuration for devstack

Bug #1697662 reported by Mike Fedosin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mistral
Fix Released
High
Mike Fedosin
Mistral pike-3 "p3"

Bug Description

Devstack recommends to use special function "configure_auth_token_middleware" to specify the middleware parameters https://github.com/openstack-dev/devstack/blob/1ca22d50b0847f9af0c569ed32f358711952b17a/lib/keystone#L424-L448

Mistral doesn't use it and it causes a misconfiguration of the middleware:
[keystone_authtoken]
identity_uri = http://104.130.222.62/identity
auth_uri = http://104.130.222.62/identity/v3
admin_password = secretservice
admin_user = mistral
admin_tenant_name = service
auth_protocol = http
auth_port = 35357
auth_host = 104.130.222.62

For instance, a configuration of a glance server:
[keystone_authtoken]
memcached_servers = 104.130.222.62:11211
signing_dir = /var/cache/glance/api
cafile = /opt/stack/data/ca-bundle.pem
project_domain_name = Default
project_name = service
user_domain_name = Default
password = secretservice
username = glance
auth_url = http://104.130.222.62/identity
auth_type = password

This leads to the fact that Mistral does not work with some keystone configurations and returns 503 errors from authtoken middleware.

Mike Fedosin (mfedosin)
Changed in mistral:
assignee: nobody → Mike Fedosin (mfedosin)
Renat Akhmerov (rakhmerov)
Changed in mistral:
milestone: none → pike-3
importance: Undecided → Medium
importance: Medium → High
Revision history for this message
Sharat Sharma (sharat-sharma) wrote :

https://review.openstack.org/#/c/473796/

Changed in mistral:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to mistral (master)

Reviewed: https://review.openstack.org/473796
Committed: https://git.openstack.org/cgit/openstack/mistral/commit/?id=fe922eacdbeb6032ab6038def56a1d02c2a64c3a
Submitter: Jenkins
Branch: master

commit fe922eacdbeb6032ab6038def56a1d02c2a64c3a
Author: Mike Fedosin <email address hidden>
Date: Tue Jun 13 14:29:51 2017 +0300

    Use recommended function to setup auth middleware in devstack

    Currently Mistral has own configuration for keystone
    auth middleware, many parameters of which are deprecated [1].
    It's not desired behavior and it is suggested to use recommended
    devstack configuration function to prevent possible errors if
    something is changed in keystone deployment in the future.

    This patch fixes this situation and implements official
    "configure_auth_token_middleware" function support.

    [1] https://github.com/openstack/keystonemiddleware/blob/712438ebf9ee30d553f6b515e38b1c91a9ae498e/keystonemiddleware/auth_token/_auth.py#L29-L35

    Change-Id: I884777826d6ed40d58f75ec5dfba93a876752dfe
    Closes-bug: #1697662

Changed in mistral:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to mistral (master)

Fix proposed to branch: master
Review: https://review.openstack.org/481947

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/mistral 5.0.0.0b3

This issue was fixed in the openstack/mistral 5.0.0.0b3 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to mistral (master)

Reviewed: https://review.openstack.org/481947
Committed: https://git.openstack.org/cgit/openstack/mistral/commit/?id=700366e4b6096cb502a638eb3ac9e0b95fefe44f
Submitter: Jenkins
Branch: master

commit 700366e4b6096cb502a638eb3ac9e0b95fefe44f
Author: Mike Fedosin <email address hidden>
Date: Sun Jul 9 18:12:58 2017 +0300

    Use recommended function to setup auth middleware in devstack

    Currently Mistral has own configuration for keystone
    auth middleware, many parameters of which are deprecated [1].
    It's not desired behavior and it is suggested to use recommended
    devstack configuration function to prevent possible errors if
    something is changed in keystone deployment in the future.

    This patch fixes this situation and implements official
    "configure_auth_token_middleware" function support.

    [1] https://github.com/openstack/keystonemiddleware/blob/712438ebf9ee30d553f6b515e38b1c91a9ae498e/keystonemiddleware/auth_token/_auth.py#L29-L35

    Change-Id: I5f50ca6b773b61c35f93488e64a1b95d3ace9c2c
    Closes-bug: #1697662

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/mistral 5.0.0.0rc1

This issue was fixed in the openstack/mistral 5.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.