OpenStack Compute (nova)

EmptyCatalog not treated during cinderclient creation

Bug #1585652 reported by Rodrigo Duarte on 2016-05-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Opinion	Wishlist	Unassigned

Bug Description

Steps to reproduce
==================
1 - Get a keystone v3 token using the ?nocatalog param. Example:

export TOKEN=`curl -i -k -v -H "Content-type: application/json" -d '{"auth": {"identity": {"methods": ["password"], "password": {"user": {"domain": {"name": "Default"}, "name": "test", "password": "password"}}}, "scope": {"project": {"name": "test-project", "domain": {"name": "Default"}}}}}' http://localhost:5000/v3/auth/tokens?nocatalog | grep X-Subject-Token | awk '{print $2}' | sed -e 's,\r,,' `

2 - Try to create a server using a cinder volume. Example:

curl -k -v -H "X-Auth-Token:$TOKEN" -H "Content-type: application/json" -d '{"server": {"name": "test_CSDPU_1", "imageRef": "", "block_device_mapping_v2": [{"source_type": "volume", "destination_type": "volume", "boot_index": 0, "delete_on_termination": false, "uuid": "85397498-850f-406f-806a-25cf93cd94dc"}], "flavorRef": "790959df-f79b-4b87-8389-a160a3b6e606", "max_count": 1, "min_count": 1}}' http://localhost:8774/v2/07564c39740f405b92f4722090cd745b/servers

Actual result
=============

{"badRequest": {"message": "Block Device Mapping is Invalid: failed to get volume 85397498-850f-406f-806a-25cf93cd94dc.", "code": 400}}

Expected result
===============

A meaningful error message is displayed.

Details
=======

- During cinderclient creation, nova tries to get cinder's endpoint using the auth object obtained from the token without the catalog [1]. keystoneauth will raise an EmptyCatalog exception [2] that is not treated and will result in the error seen above.

[1] https://github.com/openstack/nova/blob/master/nova/volume/cinder.py#L82
[2] https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/access/service_catalog.py#L190

- This issue might happen in other areas of code, is not necessarily exclusive to the cinderclient creation.

See original description

Tags:

Sarafraj Singh (sarafraj-singh) on 2016-05-25

tags:

added: cinder

Rodrigo Duarte (rodrigodsousa) on 2016-05-25

description:	updated
description:	updated

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2016-05-25:

EmptyCatalog means that the session you were using tried to find the URL for the endpoint and the catalog was empty - which makes sense because you used ?nocatalog.

My question would be why ?nocatalog? If you opt out of receiving a catalog then you are going to have to specify the full URL to the endpoint in the request.

Revision history for this message

Rodrigo Duarte (rodrigodsousa) wrote on 2016-05-25:

Yeah, that's correct. The issue here is the kind of message in the output. I think that something like explaining the reason the volume wasn't get would be better instead of displaying that it is invalid.

description:

updated

Revision history for this message

Sean Dague (sdague) wrote on 2016-06-02:

It's fine if you want to submit a patch to make this better. I'm not really convinced that we should be handling the case where users create crippled tokens and then attempt to do complex operations.

Changed in nova:
status:	New → Opinion
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.