Does not work if v3 API variables are set in the environment

Bug #1488018 reported by Martin Gerhard Loschwitz
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
puppet-keystone | Invalid | Undecided | Unassigned |

Bug Description

Hello,

Following the documentation in the modules, the following environment variables should work for puppet-keystone to function with the v3 Keystone API:

# To be sure everything is working, run:
# $ export OS_IDENTITY_API_VERSION=3
# $ export OS_USERNAME=admin
# $ export OS_USER_DOMAIN_NAME=admin_domain
# $ export OS_PASSWORD=ChangeMe
# $ export OS_PROJECT_NAME=admin
# $ export OS_PROJECT_DOMAIN_NAME=admin_domain
# $ export OS_AUTH_URL=http://keystone.local:35357/v3

If these are set, calling keystone_endpoint will fail. The keystone_endpoint provider tries to call the "openstack" client with v2 syntax, as can be seen:

Error: Could not prefetch keystone_endpoint provider 'openstack': Execution of '/usr/bin/openstack endpoint list --quiet --format csv --long' returned 2: usage: openstack endpoint list [-h] [-f {csv,html,json,table,yaml}]
                               [-c COLUMN] [--max-width <integer>]
                               [--quote {all,minimal,none,nonnumeric}]
                               [--service <service>] [--interface <interface>]
                               [--region <region-id>]
openstack endpoint list: error: unrecognized arguments: --long

Error: /Stage[main]/Heat::Keystone::Auth/Keystone::Resource::Service_identity[heat]/Keystone_endpoint[RegionOne/heat]/ensure: change from absent to present failed: Execution of '/usr/bin/openstack endpoint create --format shell heat --region RegionOne --publicurl http://77.247.82.207:8004/v1/%(tenant_id)s --internalurl http://77.247.82.207:8004/v1/%(tenant_id)s --adminurl http://77.247.82.207:8004/v1/%(tenant_id)s' returned 2: usage: openstack endpoint create [-h] [-f {html,json,shell,table,value,yaml}]
                                 [-c COLUMN] [--max-width <integer>]
                                 [--prefix PREFIX] [--region <region-id>]
                                 [--enable | --disable]
                                 <service> <interface> <url>
openstack endpoint create: error: argument <interface>: invalid choice: 'http://77.247.82.207:8004/v1/%(tenant_id)s' (choose from 'admin', 'public', 'internal')

In fact, the "openstack" client changes its supported arguments depending on the OS_IDENTITY_API_VERSION. If it is set to 3, calling it the way the module currently does is not supported.

The catastrophe becomes complete if there is a file called /root/openrc -- obviously, openstacklib tries to load that file and takes its environment from there. As a consequence, puppet runs cannot be completed with puppet-keystone, as most providers in puppet-keystone now rely on the v3 API, except for the keystone_endpoint provider, which needs the v2 API.

keystone_endpoint needs to be ported to support the new way of specifying admin, internal and public URLs and should not rely on the V2 API anymore.

description: updated
Gilles Dubreuil (gdubreui) wrote :

I believe there is a misunderstanding with the "# To be sure everything is working, run:" part.

The intent is to verify that everything is working 'after' running the installation.
The reason that fails is because it effectively forces the OS_IDENTITY_API_VERSION and OS_AUTH_URL to API v3 and that cannot effectively work with the keystone_endpoint provider which is still implemented for v2.

The reason the endpoint provider is created under v2 is because the v3 endpoint is not visible (compatible) for v2 and because currently puppet-keystone is providing support across both API versions.

To be able to bootstrap the Keystone installation properly, I would not recommend having an openrc or any openstack variables preset.

Once V2 API support is dropped from puppet-keystone, the Keystone V3 endpoint would work just fine.
That said, presetting environment variables to V2 wouldn't help either.
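
The workaround described in the comment above (run Puppet with no OpenStack client variables preset), written as a preflight check. This is an added example, not code from puppet-keystone or openstacklib; the function names are hypothetical, and the /root/openrc default is the path named in the report.

```shell
#!/bin/sh
# Preflight for a puppet-keystone run: report OpenStack client settings the
# run would inherit. Only variable names are printed, never values, so
# OS_PASSWORD does not end up in terminal scrollback or CI logs.

# Print the names of all exported OS_* variables, one per line.
preset_os_vars() {
    awk 'BEGIN { for (k in ENVIRON) if (k ~ /^OS_[A-Za-z0-9_]*$/) print k }' | sort
}

# Run a command with every OS_* variable removed from its environment.
# The subshell keeps the caller's own environment untouched.
run_without_os_vars() {
    (
        for v in $(preset_os_vars); do unset "$v"; done
        "$@"
    )
}

# Return 0 if nothing is preset, 1 otherwise; findings go to stderr.
# $1: openrc path to look for (assumption: defaults to the path in the report).
preflight() {
    openrc=${1:-/root/openrc}
    rc=0
    vars=$(preset_os_vars)
    if [ -n "$vars" ]; then
        echo "preset OpenStack variables (values not shown):" >&2
        echo "$vars" | sed 's/^/  /' >&2
        rc=1
    fi
    # Scrubbing the environment does not help if this file is loaded anyway.
    if [ -e "$openrc" ]; then
        echo "openrc file present: $openrc" >&2
        rc=1
    fi
    return $rc
}

# Typical use:
#   preflight || echo "clean up before bootstrapping Keystone" >&2
#   run_without_os_vars puppet agent --test
```

An openrc file on disk has to be moved aside separately; `run_without_os_vars` only controls what the child process inherits.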

Gilles Dubreuil (gdubreui) wrote :
Gilles Dubreuil (gdubreui) wrote :

Sorry, bad paste, I meant this link:

https://bugs.launchpad.net/keystone/+bug/1470635

Richard Megginson (rmeggins) wrote :

Gilles, do you consider this to be a bug? Or is your solution to this problem "Don't set OS_URL, OS_AUTH_URL, or OS_IDENTITY_API_VERSION before running puppet"?

Matt Fischer (mfisch) wrote :

Incomplete pending response.

Changed in puppet-keystone:
status: New → Incomplete
Matt Fischer (mfisch) wrote :

Possibly a dupe of 1522541. Closing due to no update from submitter.

Changed in puppet-keystone:
status: Incomplete → Invalid