[network] neutron fail to send event to nova

Bug #1449058 reported by zhu zhu on 2015-04-27
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack + Chef
High
Wei Hu

Bug Description

Looks the commit changes deprecated some configuration under neutron.conf:

https://review.openstack.org/#/c/172810/

But in neutron code, it is still adoption as below. Instead of using [nova] section 'admin_auth_url' or 'admin_username' etc.
CONF.nova_admin_auth_url
CONF.nova_admin_username
CONF.nova_admin_password
CONF.nova_admin_tenant_id
CONF.nova_admin_tenant_name

https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L85

And for /etc/neutron/neutron.conf of neutron project, also it still use nova_admin* options.

https://github.com/openstack/neutron/blob/master/etc/neutron.conf#L347

Deprecating the options for nova_admin* options by cookbook will make neutron fail to notify nova for event and could lead VM spawn failure when vif_plugging_is_fatal=true in nova.conf

zhu zhu (zhuzhubj) on 2015-04-27
description: updated
Mark Vanderwiel (vanderwl) wrote :

Shouldn't this be a bug against base neutron to stop using the deprecated Conf options?

tags: added: network
zhu zhu (zhuzhubj) wrote :

Looks neutron change come from https://review.openstack.org/#/c/142366/7/neutron/notifiers/nova.py.

With devstack installation I found under [nova] is:

[nova]
region_name = RegionOne
project_domain_id = default
project_name = service
user_domain_id = default
password = passw0rd
username = nova
auth_url = http://127.0.0.1:35357
auth_plugin = password

It looks that the new authentication can be functional but with "project_name", "username", "password", "user_domain_id", "auth_url" (Generic options from keystoneclient) instead of using attibutes like "admin_user_name", "admin_tenant_name" "admin_password" or "admin_auth_url" which current cookbook render.

Ma Wen Cheng (mars914) on 2015-04-28
Changed in openstack-chef:
assignee: nobody → Ma Wen Cheng (mars914)

Fix proposed to branch: master
Review: https://review.openstack.org/178028

Changed in openstack-chef:
status: New → In Progress
Changed in openstack-chef:
importance: Undecided → High
milestone: none → liberity-rc1
milestone: liberity-rc1 → kilo-rc1

Authenticating to nova using nova_admin_* options is deprecated.
  CONF.nova_admin_auth_ur
  CONF.nova_admin_username
  CONF.nova_admin_password
  CONF.nova_admin_tenant_id
  CONF.nova_admin_tenant_name

This should be done using an auth plugin, like password:
  [nova]
  region_name = RegionOne
  project_domain_id = default
  project_name = service
  user_domain_id = default
  password = passw0rd
  username = nova
  auth_url = http://127.0.0.1:35357
  auth_plugin = password

summary: - neutron fail to send event to nova
+ [network] neutron fail to send event to nova
Ma Wen Cheng (mars914) wrote :

$ select id, name from domain

ID NAME
---------------------------------------------------------------- ----------------------------------------------------------------
default Default
ced7cb9df05f46db90f08913faa6a5e4 heat

  2 record(s) selected.

$ select id, name, domain_id from project

ID NAME DOMAIN_ID
---------------------------------------------------------------- ---------------------------------------------------------------- ----------------------------------------------------------------
a893e0cc5195403593e801672b51c8e5 admin default
8666fd35f23f40e9888c089761473925 service default

select name, domain_id from "user"

NAME DOMAIN_ID
---------------------------------------------------------------------- ----------------------------------------------------------------
heat_stack_admin ced7cb9df05f46db90f08913faa6a5e4
admin default
ceilometer default
cinder default
glance default
heat default
ironic default
neutron default
nova default

  9 record(s) selected.

Mark Vanderwiel (vanderwl) wrote :

would like to see more code/wiki refs to where is nova auth plugin is doc'd.

Ma Wen Cheng (mars914) wrote :

If the auth plugin is "Password", a project, username and password are needed to identify the user.
An optional domain may also be included. This is the most common type and is the default any time a username is supplied.
An auth URL for the Identity service is also required.
[Required: --os-auth-url, --os-project-name, --os-username; Optional: --os-password]

for detail auth plugins , refer to https://github.com/openstack/python-openstackclient/blob/master/doc/source/authentication.rst#authentication-plugins

Changed in openstack-chef:
assignee: Ma Wen Cheng (mars914) → Wei Hu (huwei-xtu)

Reviewed: https://review.openstack.org/178028
Committed: https://git.openstack.org/cgit/stackforge/cookbook-openstack-network/commit/?id=38758fbb145751847e975873ce60c28e46bf6db0
Submitter: Jenkins
Branch: master

commit 38758fbb145751847e975873ce60c28e46bf6db0
Author: wenchma <email address hidden>
Date: Tue Apr 28 10:05:48 2015 +0800

    Refactor nova section to enable auth strategy

    Authenticating to nova using nova_admin_* options is deprecated.

      CONF.nova_admin_auth_url
      CONF.nova_admin_username
      CONF.nova_admin_password
      CONF.nova_admin_tenant_id
      CONF.nova_admin_tenant_name

    This should be done using an auth plugin, like password:

      [nova]
      region_name = RegionOne
      project_domain_id = default
      project_name = service
      user_domain_id = default
      password = passw0rd
      username = nova
      auth_url = http://127.0.0.1:35357
      auth_plugin = password

    Reference: https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L85-90

    Change-Id: I8896af89f1b5fef39776a8aa1289cb9ee7645a08
    Closes-bug: #1449058

Changed in openstack-chef:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers