"Failed to create trust" on pike
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sahara |
Fix Released
|
Critical
|
Unassigned |
Bug Description
puppet-sahara, after Ocata, sets the "new" keystone_authtoken values (related to Keystone v3, if I understand it correctly): https:/
But the configuration used by Sahara to setup trust (need also for cluster creation) uses the old variables names (, and then cluster creation fails ("Creating cluster failed for the following reason(s): Failed to create trust")
This affects all the installer based on puppet (including Packstack and TripleO)
Trying to fix this is not trivial because the keystone_authtoken values are kind of "private":
http://
See an attempt here:
https:/
Further testing showed that:
- apparently, even when the keystone_authtoken is imported, the unit test fails because auth_type is False by default so the new values (username, project_name, etc, vs the old admin_username, admin_tenant_name, etc) are not set:
http://
Not sure where to properly change that value.
- even ignoring the unit test, apparently the key is not read also by the updated code; apparently an injection of the new parameters is needed. The problem is that it's not clear where (sahara/main.py?)
This should be fixed before Pike.
Changed in sahara: | |
status: | New → Confirmed |
Changed in sahara: | |
importance: | Undecided → Critical |
Interesting discovery that could lead to some results: when the two services (sahara-api and sahara-engine), the logs (in debug mode) shows that:
- sahara_api loads keystonemiddlew are.auth_ token, and contains the new values
INFO sahara.main [-] Sahara API started api-paste. ini load_app /usr/lib/ python2. 7/site- packages/ oslo_service/ wsgi.py: 352 are.auth_ token [-] Starting Keystone auth_token middleware
DEBUG oslo.service.wsgi [-] Loading app sahara from /etc/sahara/
INFO keystonemiddlew
- that snipped is not visible in the logs of sahara-engine, which does not load the new values.
So something is different in the loading code of the two services.