Support for versionless Keystone endpoints

Bug #1688320 reported by Kevin Lefevre
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Kevin Lefevre

Bug Description

On master branch, some horizon feature are broken and also nova quota. This is du to the fact that Keystone endpoints are set with "/v3" inside catalog.

When updating keystone to versionless endpoint. Horizon is working properly and quota are back.

Apparently this is du to nova commit : https://github.com/openstack/nova/commit/f6fbfc7ff07b790ef052a759552c69429b3d79c7

Also some other project are reporting issues :
https://bugs.launchpad.net/blazar/+bug/1681419
https://bugs.launchpad.net/kolla-ansible/+bug/1668663

But this broke some stuff with OpenStack-ansible, for the moment I cannot deploy anoything because of /etc/ansible/roles/plugins/library/keystone which try to use the endpoint whithout /v3.

```
fatal: [aio1_magnum_container-8a2e6422]: FAILED! => {
    "attempts": 5,
    "changed": false,
    "failed": true,
    "module_stderr": "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py:142: UserWarning: Using keystoneclient sessions has been deprecated. Please update your softw
are to use keystoneauth1.\n warnings.warn('Using keystoneclient sessions has been deprecated. '\nTraceback (most recent call last):\n File \"/tmp/ansible_MwEWDA/ansible_module_k
eystone.py\", line 1459, in <module>\n main()\n File \"/tmp/ansible_MwEWDA/ansible_module_keystone.py\", line 1453, in main\n km.command_router()\n File \"/tmp/ansible_MwE
WDA/ansible_module_keystone.py\", line 484, in command_router\n facts = action(variables=action_command['variables'])\n File \"/tmp/ansible_MwEWDA/ansible_module_keystone.py\"
, line 1038, in ensure_service\n service = self._get_service(name=service_name, srv_type=service_type)\n File \"/tmp/ansible_MwEWDA/ansible_module_keystone.py\", line 1013, in
 _get_service\n for entry in self.keystone.services.list():\n File \"/usr/local/lib/python2.7/dist-packages/positional/__init__.py\", line 101, in inner\n return wrapped(*a
rgs, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/services.py\", line 97, in list\n **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/k
eystoneclient/base.py\", line 75, in func\n return f(*args, **new_kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 390, in list\n self
.collection_key)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 125, in _list\n resp, body = self.client.get(url, **kwargs)\n File \"/usr/loca
l/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 223, in get\n return self.request(url, 'GET', **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystone
auth1/adapter.py\", line 380, in request\n resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter
.py\", line 148, in request\n return self.session.request(url, method, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/positional/__init__.py\", line 101, in inner\n
    return wrapped(*args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/session.py\", line 445, in request\n raise exceptions.from_response(resp, me
thod, url)\nkeystoneauth1.exceptions.http.NotFound: (http://172.29.236.100:35357/services): The resource could not be found. (HTTP 404)\n",
    "module_stdout": "(u'http://172.29.236.100:35357',)\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}
```

Apparently there is a way to automaticly discover the keystone version and URL from a versionless endpoint and it is supposed to be the way to go.

It's been discussed a little bit on the ML [openstack-dev] [all][tc][cinder][mistral][manila] A path forward to shiny consistent service types

Does someone know anything about that ?

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-plugins (master)

Fix proposed to branch: master
Review: https://review.openstack.org/462879

Changed in openstack-ansible:
assignee: nobody → Kevin Lefevre (archifleks)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/462880

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-plugins (master)

Reviewed: https://review.openstack.org/462879
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-plugins/commit/?id=fa85b973130f3bc454c297759d0d28b1a55d7612
Submitter: Jenkins
Branch: master

commit fa85b973130f3bc454c297759d0d28b1a55d7612
Author: ArchiFleKs <email address hidden>
Date: Fri May 5 11:14:56 2017 +0200

    Support Keystone versionless endpoints

    Uses keystone.client instead of keystone.client.v3 with session and auth
    to return a keystone client with the discovered URL.

    Also sets project_domain_name and user_domain_name do "Default" as they
    are expected by Keystone.

    Change-Id: I8fce922e2907584138a132f37887f227eabe9abe
    Partial-Bug: #1688320

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_keystone (master)

Reviewed: https://review.openstack.org/462880
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=c0b5e8c90a159e9930651da9d217176080b5ff82
Submitter: Jenkins
Branch: master

commit c0b5e8c90a159e9930651da9d217176080b5ff82
Author: ArchiFleKs <email address hidden>
Date: Fri May 5 11:18:11 2017 +0200

    Bootstrap Keystone with versionless endpoints

    Change-Id: Id88657f2abb4bd0741751a6cf035d93ad62bc310
    Depends-On: I8fce922e2907584138a132f37887f227eabe9abe
    Partial-Bug: #1688320

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to openstack-ansible-openstack_openrc (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/485155

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to openstack-ansible-openstack_openrc (master)

Reviewed: https://review.openstack.org/485155
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-openstack_openrc/commit/?id=2d65f030663b7485640bc6a3611ce63626e9d3ee
Submitter: Jenkins
Branch: master

commit 2d65f030663b7485640bc6a3611ce63626e9d3ee
Author: Jesse Pretorius <email address hidden>
Date: Wed Jul 19 11:52:56 2017 +0100

    Make keystone v3 endpoints the default

    The logic which previously implemented a
    check for v3 in the endpoint does not work
    with versionless endpoints.

    As versionless endpoints are likely to be
    more common, and the v3 auth protocol is
    now the defult and the norm, the check is
    now done for a v2 endpoint instead.

    Related-Bug: #1688320
    Change-Id: If4818e6220aba921890e647cfb21e078bb254821

Changed in openstack-ansible:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.