OpenStack-Ansible

  1. Bug #1632436
  2. Comment #8

Comment 8 for bug 1632436

Revision history for this message
Charles Farquhar (cfarquhar) wrote :

This has turned out to be a bit more complex that I originally thought.

- ironic-conductor works when configuring [keystone_authtoken] with admin_tenant_name, admin_user, and admin_password [1]. It can't auth [2] when configuring with project_name, username, and password.

- ironic-api works when configuring [keystone_authtoken] with project_name, username, and password [3]. It can't auth [4] when configuring with admin_tenant_name, admin_user, and admin_password.

Environment:
- stable/mitaka with ironic commit 5a5b3dcafa (HEAD of stable/mitaka as of Sept 29)
- ironic-api is running as a WSGI app behind apache

[1] working config for ironic-conductor (breaks ironic-api)
[keystone_authtoken]
insecure = False
auth_type = password
signing_dir = /var/lib/ironic/cache/api
auth_url = http://10.xx.xx.45:35357
auth_uri = http://10.xx.xx.45:5000
admin_tenant_name = service
admin_user = ironic
admin_password = secret

[2] ironic-conductor error when using project_name, username, and password config keys
2016-10-13 12:01:23.852 7645 ERROR ironic.conductor.manager [req-3a280936-5697-43b9-9b14-821f46ebf195 - - - - -] Error while preparing to deploy to node f4617648-48b4-452d-bad4-5b281de67137: Could not authorize in Keystone: A user and password or token is required.

[3] working config for ironic-api (breaks ironic-conductor)
[keystone_authtoken]
insecure = False
auth_type = password
signing_dir = /var/lib/ironic/cache/api
auth_url = http://10.xx.xx.45:35357
auth_uri = http://10.xx.xx.45:5000
project_name = service
username = ironic
password = secret

[4] ironic-api error when using admin_{tenant_name,user,password} config keys
[Wed Oct 12 15:14:21.442754 2016] [:error] [pid 3176:tid 140102114649856] 2016-10-12 15:14:21.442 3176 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Failed to fetch token data from identity server
[Wed Oct 12 15:14:29.483687 2016] [:error] [pid 3176:tid 140102114649856] 2016-10-12 15:14:29.483 3176 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
[Wed Oct 12 15:14:29.484064 2016] [:error] [pid 3176:tid 140102114649856] 2016-10-12 15:14:29.483 3176 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find username or userId in passwordCredentials - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}