python-cinderclient

nova attach volume failed when using keystone v3 API token

Bug #1263876 reported by LiShaokai on 2013-12-24

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	python-cinderclient	Fix Released	Undecided	LiShaokai	python-cinderclient 1.3.1 "1.3.1"

Bug Description

reproduce:

1 . Get tokens of V3; POST http://1.2.3.4:5000/v3/auth/tokens

2. Use that token to attach a volume for a instance with the following request:
POST http://10.9.1.147:8774/v2/e7a9800dba03489ca2716ab03226a277/servers/9c1f855d-20d5-47d7-984c-01b4f84203f5/os-volume_attachments

{
  "volumeAttachment":{
        "device":null,
        "volumeId":"6ed17ada-0d94-4dc1-86c1-690035e4b874"
  }
}

An Error occurred : 500 internal ERROR.
IF we use keystone v2 token, attach volume is ok.

V3 service catalog:

[{u'endpoints': [{u'id': u'6c205a937fc94cd89ef6d25804631742',
                  u'interface': u'internal',
                  u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                  u'region': u'RegionOne',
                  u'url': u'http://10.9.1.147:8776/v1/e7a9800dba03489ca2716ab03226a277'},
                  {u'id': u'c289637b673643b69565a04ed1561a4c',
                  u'interface': u'public',
                  u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                  u'region': u'RegionOne',
                  u'url': u'http://10.9.1.147:8776/v1/e7a9800dba03489ca2716ab03226a277'},
                  {u'id': u'f23ede3238974e0685b5e478971a566d',
                   u'interface': u'admin',
                   u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                   u'region': u'RegionOne',
                  u'url': u'http://10.9.1.147:8776/v1/e7a9800dba03489ca2716ab03226a277'}],
                  u'id': u'9206e300379a448592df585587c68a40',
                  u'type': u'volume'}]

V2 service catalog:

[{u'endpoints': [{u'adminURL': u'http://10.9.1.147:8776/v1/e7a9800dba03489ca27',
               u'id': u'6c205a937fc94cd89ef6d25804631742',
               u'internalURL': u'http://10.9.1.147:8776/v1/e7a9800dba03486ab03226a277',
               u'publicURL': u'http://10.9.1.147:8776/v1/e7a9800dba03489c6ab03226a277',
               u'region': u'RegionOne'}]

So below code is the break in keystone V3: in cinderclient/service_catalog.py, function url_for

in LINE 83, the length of matching_endpoints is 3, so that An AmbiguousEndpoints Exception are thrown.
[code]

     80 if not matching_endpoints:
     81 raise cinderclient.exceptions.EndpointNotFound()
     82 elif len(matching_endpoints) > 1:
     83 raise cinderclient.exceptions.AmbiguousEndpoints(
     84 endpoints=matching_endpoints)
     85 else:
     86 return matching_endpoints[0][endpoint_type]

[/code]

See original description

Tags:

LiShaokai (lshaokai) on 2013-12-24

description:	updated
description:	updated
description:	updated
tags:	added: keystone

Revision history for this message

Brant Knudson (blk-u) wrote on 2013-12-30:

A note for whoever winds up fixing this - keystoneclient provides a keystoneclient.service_client.ServiceCatalog class[1] that provides support for both the v2 and v3 service catalogs.

It looks like cinderclient has its own version of this... maybe cinderclient should use the one from python-keystoneclient or copy keystoneclient's again.

[1] http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/service_catalog.py?id=ce6c54de91f7c129cea11a7648f8668b2f24bca9

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-03: Fix proposed to python-cinderclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/64792

Changed in python-cinderclient:
assignee:	nobody → LiShaokai (lshaokai)
status:	New → In Progress

Revision history for this message

lirenke (lvhancy) wrote on 2014-02-19:

look this:
https://bugs.launchpad.net/python-novaclient/+bug/1154809
same bug?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-02-19:

Fix proposed to branch: master
Review: https://review.openstack.org/74598

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-02-25:

Fix proposed to branch: master
Review: https://review.openstack.org/76109

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-13: Fix merged to python-cinderclient (master)

Reviewed: https://review.openstack.org/76109
Committed: https://git.openstack.org/cgit/openstack/python-cinderclient/commit/?id=1b0ea8768c9e1368e978a45b1bba125cd81e9b59
Submitter: Jenkins
Branch: master

commit 1b0ea8768c9e1368e978a45b1bba125cd81e9b59
Author: Shao Kai Li <email address hidden>
Date: Wed Feb 19 00:34:30 2014 -0500

Import access module from keystoneclient to handle V3 endpoints

    * service_catalog.py will be used only by nova(cinder.py), it will be removed if nova
    uses access instead of service_catalog. Then service_catalog.py and
    test_service_catalog.py will be removed from cinderclient if necessary.

* Some unit tests are modified.

* Because of JSON format's modification, functions that process cinder
credentials and cinder endpoints are changed.

* Add dependency for keystoneclient in requirements.txt.

    Change-Id: Icf7badfdddcf5f55536d95db7242aff58aa34b6e
    Closes-Bug: #1263876
    bp: service-catalog

Changed in python-cinderclient:
status:	In Progress → Fix Committed

Revision history for this message

Andriy Yurchuk (ch00k) wrote on 2014-03-20:

Why is this only fixed in python-cinderclient? The bug states that a direct API request was sent to reproduce this.
I am having the exact same behavior - when I send an API request to attach a volume I get AmbiguousEndpoints exception. I think a fix must also be provided for the server-side code, not only client-side.

Revision history for this message

Andriy Yurchuk (ch00k) wrote on 2014-03-20:

Looks like there is already some work being done in this area: https://review.openstack.org/#/c/77524/

Revision history for this message

Mike Spreitzer (mike-spreitzer) wrote on 2014-03-20:

This reminds me of bug 1289135

Revision history for this message

Jordan Pittier (jordan-pittier) wrote on 2014-05-05:

#10

I am also hitting this.

cinder_api_insecure = True
cinder_catalog_info = volume:cinder:internalURL

New info : this works :
auth_uri = https://identity.cw-labs.net/v2.0
auth_host = identity.usr.lab0.aub.cw-labs.net
auth_port = 5000

This doesn't work (raise AmbiguousEndpoints)
auth_uri = https://identity.cw-labs.net/v2.0
auth_host = identity.usr.lab0.aub.cw-labs.net
auth_port = 35357

Doug Hellmann (doug-hellmann) on 2015-07-08

Changed in python-cinderclient:
milestone:	none → 1.3.1
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Support keystone V3 API

Remote bug watches

Bug watches keep track of this bug in other bug trackers.