Bug #1664334 “CONF.placement.os_interface is not used in nova-st...” : Series ocata : Bugs : OpenStack Compute (nova)

Revision history for this message

Matt Riedemann (mriedem) wrote on 2017-02-13:

#1

The other issue is the choices in the config option are too restrictive. keystoneauth1 doesn't actually validate the interface values, and 'auth' is a valid value meaning, don't lookup the endpoint in the service catalog, use the configured auth_url instead.

Keystone v3 API validates the endpoint interfaces to be one of admin/public/internal:

https://github.com/openstack/keystone/commit/8ef267c3ee3f0f1e6bdb74da7ed68aeb958e5567

But keystone v2 doesn't, and the keystone v3 schema validation could theoretically change over time so we shouldn't encode that list in nova too when it's already in keystone when you create the endpoint.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-13: Fix proposed to nova (master)

#2

Fix proposed to branch: master
Review: https://review.openstack.org/433257

Changed in nova:
status:	Confirmed → In Progress

Matt Riedemann (mriedem) on 2017-02-14

tags:

added: ocata-rc-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix proposed to nova (stable/ocata)

#3

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/434316

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix merged to nova (master)

#4

Reviewed: https://review.openstack.org/433257
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2c1e1341214356808936c4a812c89d4008cdb284
Submitter: Jenkins
Branch: master

commit 2c1e1341214356808936c4a812c89d4008cdb284
Author: Matt Riedemann <email address hidden>
Date: Mon Feb 13 15:48:43 2017 -0500

Cleanup some issues with CONF.placement.os_interface

This change fixes a few things with the recently added
"os_interface" option in the [placement] config group.

    1. It adds tests for the scheduler report client that
       were missing in the original change that added the
       config option.

    2. It uses the option in the "nova-status upgrade check"
       command so it is consistent with how the scheduler
       report client uses it.

    3. It removes the restrictive choices list from the
       config option definition. keystoneauth1 allows an
       "auth" value for the endpoint interface which means
       don't use the service catalog to find the endpoint
       but instead just read it from the "auth_url" config
       option. Also, the Keystone v3 API performs strict
       validation of the endpoint interface when creating
       an endpoint record. The list of supported interfaces
       may change over time, so we shouldn't encode that
       list within Nova.

    4. As part of removing the choices, the release note
       associated with the new option is updated and changed
       from a 'feature' release note to simply 'other' since
       it's not really a feature as much as it is a bug fix.

Change-Id: Ia5af05cc4d8155349bab942280c83e7318749959
Closes-Bug: #1664334

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-15: Fix merged to nova (stable/ocata)

#5

Reviewed: https://review.openstack.org/434316
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a3089b41f6bfb10ce34581f72bc5fb029c836cd7
Submitter: Jenkins
Branch: stable/ocata

commit a3089b41f6bfb10ce34581f72bc5fb029c836cd7
Author: Matt Riedemann <email address hidden>
Date: Mon Feb 13 15:48:43 2017 -0500

Cleanup some issues with CONF.placement.os_interface

This change fixes a few things with the recently added
"os_interface" option in the [placement] config group.

    1. It adds tests for the scheduler report client that
       were missing in the original change that added the
       config option.

    2. It uses the option in the "nova-status upgrade check"
       command so it is consistent with how the scheduler
       report client uses it.

    3. It removes the restrictive choices list from the
       config option definition. keystoneauth1 allows an
       "auth" value for the endpoint interface which means
       don't use the service catalog to find the endpoint
       but instead just read it from the "auth_url" config
       option. Also, the Keystone v3 API performs strict
       validation of the endpoint interface when creating
       an endpoint record. The list of supported interfaces
       may change over time, so we shouldn't encode that
       list within Nova.

    4. As part of removing the choices, the release note
       associated with the new option is updated and changed
       from a 'feature' release note to simply 'other' since
       it's not really a feature as much as it is a bug fix.

    Change-Id: Ia5af05cc4d8155349bab942280c83e7318749959
    Closes-Bug: #1664334
    (cherry picked from commit 2c1e1341214356808936c4a812c89d4008cdb284)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-17: Fix included in openstack/nova 15.0.0.0rc2

#6

This issue was fixed in the openstack/nova 15.0.0.0rc2 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-14: Fix included in openstack/nova 16.0.0.0b1

#7

This issue was fixed in the openstack/nova 16.0.0.0b1 development milestone.

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Matt Riedemann
	Ocata	Fix Committed	Undecided	Matt Riedemann

OpenStack Compute (nova)

CONF.placement.os_interface is not used in nova-status upgrade check

Bug Description

Other bug subscribers

Remote bug watches