StarlingX

DOCS: Need to add a common "REST API Access" Section to ALL Installation Guides

Bug #1837931 reported by Greg Waines on 2019-07-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Kristal Dale

Bug Description

Brief Description
-----------------
Need to add a common "REST API Access" section to ALL the Installation and Deployment Guides. I don't believe external access to REST APIs are possible with the current instructions. E.g. any remote tools or scripts based on openstack rest apis or openstack remote CLIs (which use the rest apis) would likely not work.

Need to
a) configure a unique endpoint domain for openstack
e.g. system service-parameter-modify openstack helm endpoint-domain system-1.wrs.com
b) re-apply the stx-openstack application to apply this change
e.g. system application-apply stx-openstack
c) configure the appropriate external dns servers to map *.system-1.wrs.com to the oam floating ip

... then access keystone via http://keystone.system-1.wrs.com:80 ... which will return the service catalog of all the other services' URLs (which will be based on the same FQDN).

Also access openstack horizon via http://horizon.system-1.wrs.com:80

Severity
--------
Provide the severity of the defect.
<Major: System/Feature is usable but degraded>

Steps to Reproduce
------------------
From a remote node with IP connectivity to the OAM Floating IP, try to send a curl/rest-api request to the keystone admin URL for the OpenStack Application ... as shown when you do an 'openstack endpoint list' in the openstack context
i.e. adminURL = http://keystone.openstack.svc.cluster.local:80/v3
( remember http://<oam-floating-ip>:5000/v3 is the PLATFORM's Keystone URL ... not OPENSTACK's )

All the OpenStack Service Endpoints ... i.e. returned in the keystone catalog ... will be of the above FQDN format.

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "Li69nux*"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
}' \
  "http://keystone.openstack.svc.cluster.local:80/v3/auth/tokens" ;

Expected Behavior
------------------
External access to OpenStack REST APIs should be possible

Actual Behavior
----------------
Not possible with current installation instructions

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
All configs.

Branch/Pull Time/Commit
-----------------------
any

Last Pass
---------
NA

Timestamp/Logs
--------------
NA

Test Activity
-------------
Evaluation

Tags:

Ghada Khalil (gkhalil) on 2019-07-25

tags:

added: stx.docs

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2019-07-26:

Marked as high priority / stx.2.0 gating based on Greg's recommendation

tags:	added: stx.2.0
Changed in starlingx:
importance:	Undecided → High
status:	New → Triaged
assignee:	nobody → Michael Tullis (mltullis)

Revision history for this message

Erich Cordoba (ericho) wrote on 2019-09-02:

I tried this command but I got the following error:

[sysadmin@controller-0 ~(keystone_admin)]$ system service-parameter-modify openstack helm endpoint-domain system-1.wrs.com
Service Parameter not found: service openstack, section helm, name system-1.wrs.com
Service Parameter not found: service openstack, section helm, name endpoint-domain

So, then I tried to get service parameter list, but I was unable to get anything from openstack:

[sysadmin@controller-0 ~(keystone_admin)]$ system service-parameter-list | awk '{print $4, $6}'

service section

horizon auth
horizon auth
radosgw config
http config
http config
radosgw config
identity config
platform maintenance
platform maintenance
platform maintenance
platform maintenance
platform maintenance
platform maintenance
platform maintenance
platform maintenance
docker proxy
docker proxy
docker proxy
| 2,192.168.204.3,10.10.10.2,10.10.10.3,192.168.
| 204.4,10.10.10.4
| |

Revision history for this message

Michael Tullis (mltullis) wrote on 2019-09-04:

This fix is now in review at https://review.opendev.org/679896.

Changed in starlingx:
status:	Triaged → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-03: Fix proposed to docs (master)

Fix proposed to branch: master
Review: https://review.opendev.org/686490

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-04: Change abandoned on docs (master)

Change abandoned by Kristal Dale (<email address hidden>) on branch: master
Review: https://review.opendev.org/679896
Reason: Closing this review in favor of 686490 which includes the REST API info requested in the linked bug and also includes a productized approach for the CLI info. This review will be referenced for possible inclusion in R3 content (It has already been linked in a R3 story). Thanks for the additional content Erich!

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-04: Fix merged to docs (master)

Reviewed: https://review.opendev.org/686490
Committed: https://git.openstack.org/cgit/starlingx/docs/commit/?id=925e748880347f86964565d8cbcc48da3a8e1376
Submitter: Zuul
Branch: master

commit 925e748880347f86964565d8cbcc48da3a8e1376
Author: Kristal Dale <email address hidden>
Date: Thu Oct 3 13:24:35 2019 -0700

Add content to Access OpenStack doc

- New content for REST APIs section
- New content for Configure helm endpoint section

Closes-Bug: #1837931

Change-Id: I2faac00db92a8353c6172986fca75d3de6da2e04
Signed-off-by: Kristal Dale <email address hidden>

Changed in starlingx:
status:	Fix Committed → Fix Released

Revision history for this message

ANIRUDH GUPTA (anyrude10) wrote on 2019-11-06:

Hi Team,

I have installed StarlingX 2.0.1 and facing issue in accessing Openstack Services Rest Based API from a remote server. In each request, I have to pass the Host of the service.

In order to get a token from a remote server, we need to add Host corresponding to each service in curl command

curl -i -H "Content-Type: application/json" -H "Host: keystone.hsc-starlingx-company.com" -d '{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "Centos@123"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
}' http://192.168.121.141:80/v3/auth/tokens

TOKEN=<Set token retrieved from above request>

curl -i http://192.168.121.141:80/v2.1/flavors -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token:${TOKEN}" -H "Host: nova.hsc-starlingx-company.com" | tail -1 | python -m json.tool

where
192.168.121.141 - OAM IP which is publicly accessible.
keystone.hsc-starlingx-company.com - Keystone endpoint
nova.hsc-starlingx-company.com - Nova Endpoint

Expected Behavior
------------------
External access to OpenStack REST APIs should be possible without passing Host for each service

Can someone please update the status

Kristal Dale (kdale) on 2019-11-06

Changed in starlingx:
assignee:	Michael Tullis (mltullis) → Kristal Dale (kdale)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.