Rally

Cannot use non-public images even if admin

Bug #1359274 reported by Alec Hothan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Rally
Opinion
Undecided
Unassigned

Bug Description

When using admin credentials, rally tasks cannot use non-public images.
To reproduce:
- use any benchmark task that defines a particular image name
- make sure the image is set to non-public (or change the task config to use a non public image name)
- use a deployment with admin credentials

The task will fail with an error message saying that the image is not found.

================================================================================
Task 4884c60a-22a4-4b83-b843-c931217cc6f5 is failed.
--------------------------------------------------------------------------------
<class 'rally.exceptions.InvalidBenchmarkConfig'>
Task config is invalid.
 Benchmark NovaServers.boot_and_delete_server has wrong configuration at position 0
 Reason: Image with pattern '^Ubuntu Server 14.04$' not found
 Benchmark configuration: {'runner': {'type': 'constant', 'concurrency': 1, 'times': 5}, 'args': {'flavor': {'name': 'm1.small'}, 'image': {'name': 'Ubuntu Server 14.04'}}, 'context': {'users': {'users_per_tenant': 2, 'tenants': 3}}}

One would expect the user name credentials would be used to access the image.

The problem happens because a different end point is being used to list the images through glance:
{'username': u'ctx_rally_52035b9a7de24a6286043b628cb23e87_user_0', 'use_public_urls': False, 'auth_url': u'http://172.29.87.40:5000/v2.0', 'region_name': None, 'admin_port': 35357, 'tenant_name': u'ctx_rally_96c504f6-a534-44b3-8926-f37863f31422_tenant_0', 'user_domain_name': 'default', 'password': 'password', 'domain_name': None, 'project_domain_name': 'default'}

While a "rally show images" would use the proper end point:
{'username': u'admin', 'use_public_urls': False, 'region_name': None, 'permission': 'admin', 'tenant_name': u'admin', 'user_domain_name': 'Default', 'admin_port': 35357, 'domain_name': None, 'auth_url': u'http://172.29.87.40:5000/v2.0', 'password': u'admin', 'project_domain_name': 'Default'}

Revision history for this message
Sergey Skripnick (eyerediskin) wrote :

Rally never uses admin credentials for benchmarks directly, it creates users and tenants, and run tasks with this newly created credentials.

Not sure if we should make ability to use admin endpoint directly in benchmark

Changed in rally:
status: New → Opinion
Revision history for this message
Sergey Skripnick (eyerediskin) wrote :

Sorry, I mean benchmarks with user contexts. "user" context creates users and uses them to run your task. Maybe we can make "admin" context, or option "admin" for user context.

Revision history for this message
Alec Hothan (ahothan) wrote :

I think this (having a admin user context) may be needed.
This raises a more general question on the kind of OpenStack operations that can be tested by rally benchmarks. Clearly there are many OpenStack APIs that behave differently based on the privilege level of the "user" and it looks reasonable to be able to benchmark actions that can only be executed by admin.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.