Access to the wrong endpoint of keystone after keystoneclient initialization.

Bug #1862940 reported by Ilya Zubov
This bug affects 2 people
Affects: Mistral
Status: In Progress
Importance: Undecided
Assigned to: Ilya Zubov
Milestone:

Bug Description

If we have an OpenStack installation with several regions and each region has its own endpoint of keystone, then an event-trigger or cron-trigger may fail with the following stack trace:

  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/actions/openstack/base.py", line 121, in run
    method = self._get_client_method(self._get_client(context))
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/actions/openstack/base.py", line 84, in _get_client
    return self._create_client(context)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/actions/openstack/actions.py", line 262, in _create_client
    session_and_auth = self.get_session_and_auth(context)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/actions/openstack/base.py", line 97, in get_session_and_auth
    context=context)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/utils/openstack/keystone.py", line 78, in get_session_and_auth
    project_endpoint = get_endpoint_for_project(**kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/utils/openstack/keystone.py", line 210, in get_endpoint_for_project
    service_catalog = obtain_service_catalog(ctx)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/utils/openstack/keystone.py", line 270, in obtain_service_catalog
    if ctx.is_trust_scoped and is_token_trust_scoped(token, ctx.trust_id):
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/utils/openstack/keystone.py", line 321, in is_token_trust_scoped
    return 'OS-TRUST:trust' in client_for_admin().tokens.validate(auth_token)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 105, in validate
    allow_expired=allow_expired)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 85, in get_token_data
    resp, body = self._client.get(url, headers=headers)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 375, in get
    return self.request(url, 'GET', **kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 534, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 237, in request
    return self.session.request(url, method, **kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 842, in request
    resp = send(**kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 949, in _send_request
    raise exceptions.ConnectFailure(msg)

The error occurs because the keystoneclient object is created without specifying a region, and an attempt is made to query an endpoint from a random region that cannot be accessed.

When creating a keystoneclient object, it is necessary to determine the region in which the trigger is executed.
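
Added example, not part of the bug report and not Mistral or keystoneclient code: a minimal model of picking the identity endpoint from a Keystone v3 style service catalog, first without a region and then pinned to one. The catalog contents, URLs and function names are constructed for illustration, and treating "region-blind" as "first entry wins" is an assumption (the report only says a random region is used).

```python
# Added illustration; not Mistral or keystoneclient code.
# CATALOG is a constructed sample in the Keystone v3 token catalog layout.
CATALOG = [
    {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public", "region_id": "RegionOne",
         "url": "https://keystone.region-one.example/v3"},
        {"interface": "public", "region_id": "RegionTwo",
         "url": "https://keystone.region-two.example/v3"},
        {"interface": "internal", "region_id": "RegionTwo",
         "url": "https://keystone-int.region-two.example/v3"},
    ]},
]


class EndpointSelectionError(LookupError):
    """Raised when the catalog cannot give one unambiguous endpoint."""


def candidate_endpoints(catalog, service_type, interface, region=None):
    """Return URLs matching service type, interface and, if given, region."""
    urls = []
    for service in catalog:
        if service.get("type") != service_type:
            continue
        for ep in service.get("endpoints", []):
            if ep.get("interface") != interface:
                continue
            if region is not None and ep.get("region_id") != region:
                continue
            urls.append(ep["url"])
    return urls


def pick_first(catalog, service_type="identity", interface="public"):
    """Region-blind selection: the result depends only on catalog order."""
    urls = candidate_endpoints(catalog, service_type, interface)
    if not urls:
        raise EndpointSelectionError("no matching endpoint in catalog")
    return urls[0]


def pick_for_region(catalog, region, service_type="identity", interface="public"):
    """Region-pinned selection: fail closed instead of guessing a region."""
    if not region:
        raise EndpointSelectionError("region must be given explicitly")
    urls = candidate_endpoints(catalog, service_type, interface, region)
    if len(urls) != 1:
        raise EndpointSelectionError("expected one endpoint in %r, found %d"
                                     % (region, len(urls)))
    return urls[0]
```

With the region omitted, a trigger running in RegionTwo sends its token validation request to whichever identity endpoint the catalog lists first; with the region pinned, a missing or ambiguous entry raises an error before any request is made.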

Ilya Zubov (nortlite) wrote :

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/#/c/707780/

Changed in mistral:
assignee: nobody → Ilya Zubov (nortlite)
OpenStack Infra (hudson-openstack) wrote : Change abandoned on mistral (stable/stein)

Change abandoned by Ilya Zubov (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/707780
Reason: This fix should target master branch first.

Changed in mistral:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to mistral (master)

Fix proposed to branch: master
Review: https://review.opendev.org/707798

OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/709674

OpenStack Infra (hudson-openstack) wrote : Change abandoned on mistral (master)

Change abandoned by Ilya Zubov (<email address hidden>) on branch: master
Review: https://review.opendev.org/709674
Reason: Duplicate
