Murano devstack is broken with identity-v3-only or tls-proxy enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Murano |
Fix Released
|
Medium
|
zhurong |
Bug Description
In order to reproduce, deploy devstack with this local.conf:
[[local|localrc]]
enable_plugin murano git://git.
ENABLE_
The result is that other services work fine, but murano gives auth errors, both with OSC and the native client:
$ openstack environment list
The request you have made requires authentication. (HTTP 401)
$ murano package-list
The request you have made requires authentication. (HTTP 401)
In the keystone log one can see, that murano still tries to validate the token it receives via the v2.0 identity endpoint, which no longer exists:
10.42.1.102 - - [23/Jan/
10.42.1.102 - - [23/Jan/
10.42.1.102 - - [23/Jan/
This is probably related to the configuration in murano.conf using a very old way of setting up credentials, see this warning from murano-api.log:
2017-01-23 10:03:01.215 2825 WARNING keystonemiddlew
2017-01-23 10:03:01.216 2825 WARNING keystonemiddlew
A similar issue occurs if "enable_service tls_proxy" is being used in the devstack config.
description: | updated |
summary: |
- Murano devstack is broken with identity-v3-only + Murano devstack is broken with identity-v3-only or tls-proxy enabled |
Changed in murano: | |
assignee: | Dr. Jens Rosenboom (j-rosenboom-j) → nobody |
status: | In Progress → New |
Changed in murano: | |
importance: | Undecided → Medium |
Changed in murano: | |
assignee: | nobody → zhurong (zhu-rong) |
Changed in murano: | |
status: | New → In Progress |
If I update the keystone_authtoken in murano.conf to match what I find in nova.conf, the murano api starts working.
I'll try to build a devstack patch that generates that config automatically.