Nova and Keystone don't work in multi-zone mode

Bug #885755 reported by Jérôme Gallard
This bug affects 2 people
Affects: OpenStack Compute (nova)
Status: Invalid
Importance: High
Assigned to: Sandy Walsh

Bug Description

OpenStack rev11312

In multi-zone mode, when a parent zone adds a new child (nova zone-add blabla), it tries to poll the child zone but never succeeds.
To poll that zone, it queries Keystone with the admin account (of the child) without specifying a tenant ID.
In that case Keystone responds: No service catalog (http://paste.openstack.org/show/3058/).

The problem can be roughly fixed by replacing "None" with the name of the admin tenant in nova/scheduler/zone_manager.py l102 (_call_novaclient).

description: updated
Jérôme Gallard (jerome-gallard) wrote :

I have the same issue with a "nova list" command.

In the file scheduler/api.py (l123), a tenant should be given (instead of "None").

Sandy Walsh (sandy-walsh) wrote :

Correct. I need to document this somewhere; it recently became an issue with Keystone changes.

When you register a child zone you need to do so with a user that has the KeystoneServiceAdmin role and no associated tenant. Otherwise the /token/xxxxx/endpoints call won't work.

That said, there were more keystone changes recently that even prevent this from working (no global endpoints are returned). I'm working with the Keystone team now to figure out a compromise.

Changed in nova:
assignee: nobody → Sandy Walsh (sandy-walsh)
status: New → In Progress
Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → High
Mark McLoughlin (markmc) wrote :

@sandy: any update on this? Is 'In Progress' still accurate?

(Just doing some janitorial triaging)

Sandy Walsh (sandy-walsh) wrote :

We are currently working on a zones rewrite which will bypass Keystone completely. I'm currently working on a branch to remove all the existing zones infrastructure in preparation.

This will be a non-issue shortly.

Matt Dietz (cerberus) wrote :

This hasn't been addressed in 4 months, and the last comment from Sandy indicates it should be taken care of now. Therefore, marking invalid.

Changed in nova:
status: In Progress → Invalid