juju openstack-base bundle neutron-*-net-ksv3 sometimes chooses wrong project

Bug #1803700 reported by Ed Stewart on 2018-11-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Bundles
Medium
Andrew McLeod

Bug Description

After deploying the openstack-base-57 bundle, OpenStack ends up with the following domain/project structure:

$ openstack domain list
+----------------------------------+----------------+---------+-----------------+
| ID | Name | Enabled | Description |
+----------------------------------+----------------+---------+-----------------+
| 0be00c7042f04e2ebfcdcace8b2ca96b | admin_domain | True | Created by Juju |
| 1484134aca4e470ba4d9a513ec0858d3 | default | True | Created by Juju |
| a18c69b387e3473294b53617a4d48603 | service_domain | True | Created by Juju |
+----------------------------------+----------------+---------+-----------------+

$ openstack project list --long
+----------------------------------+----------+----------------------------------+-----------------+---------+
| ID | Name | Domain ID | Description | Enabled |
+----------------------------------+----------+----------------------------------+-----------------+---------+
| 05d117cf95cf449f9091ecfdcc45f36c | services | a18c69b387e3473294b53617a4d48603 | Created by Juju | True |
| 31e074b3ddae4ac2b1e820a0ba3bee6a | admin | 0be00c7042f04e2ebfcdcace8b2ca96b | Created by Juju | True |
| 4926e92ac0b645778d99a9ec00a67dae | admin | 1484134aca4e470ba4d9a513ec0858d3 | Created by Juju | True |
| 50c45455f6ba4a62ba299311be9d9aaf | services | 1484134aca4e470ba4d9a513ec0858d3 | Created by Juju | True |
+----------------------------------+----------+----------------------------------+-----------------+---------+

As a result there are two projects called 'admin'. The README for the bundle says to run the two scripts neutron-ext-net-ksv3 and neutron-tenant-net-ksv3 to create test tenant and provider networks within the admin project. However, these scripts do not work well if there are two admin projects which is the case after the bundle deploys (one each in two domains) - they loop through all the projects looking for the first with the name passed in.

Suggest the following fix to identify the correct project_id by matching on project_Id and domain_id within both these scripts:

    # Resolve domain id
    domain_id = None
    for dom in [t._info for t in keystone.domains.list()]:
        if (dom['name'] == (os.environ['OS_PROJECT_DOMAIN_NAME'])):
            domain_id = dom['id']
            break # Domain ID found - stop looking
    if not domain_id:
        logging.error("Unable to locate domain for %s.", os.environ['OS_PROJECT_DOMAIN_NAME']);

    # Resolve tenant id
    project_id = None
    for proj in [t._info for t in keystone.projects.list()]:
        if (proj['domain_id'] == domain_id and proj['name'] == (opts.project or os.environ['OS_PROJECT_NAME'])):
            project_id = proj['id']
            break # Tenant ID found - stop looking
    if not project_id:
        logging.error("Unable to locate project id for %s.", opts.tenant)
        sys.exit(1)

James Page (james-page) wrote :

The duplication is an interesting nuance of having to support older clouds which are v2 based, and their upgrade to keystone v3.

Suggested changes to improve scoping of the calls look sensible.

Changed in openstack-bundles:
status: New → Triaged
importance: Undecided → Medium
James Page (james-page) on 2018-11-26
Changed in openstack-bundles:
assignee: nobody → Andrew McLeod (admcleod)
Andrew McLeod (admcleod) wrote :

I've added the suggested code to both scripts and commited to https://github.com/openstack-charmers/openstack-bundles/tree/fix-1803700 branch

I will attempt to test this soon, but if someone else can test that would enable a quicker merge.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers