We are running OSP12 (Pike) with domain specific configuration.
In order to validate the OS deployment we are running tempest against it with following active plugins:
+----------------+--------------------------------------------------------+
| Name | EntryPoint |
+----------------+--------------------------------------------------------+
| keystone_tests | keystone_tempest_plugin.plugin:KeystoneTempestPlugin |
| heat_tests | heat_integrationtests.plugin:HeatTempestPlugin |
| ironic_tests | ironic_tempest_plugin.plugin:IronicTempestPlugin |
| neutron_tests | neutron.tests.tempest.plugin:NeutronTempestPlugin |
| horizon | tempest_horizon.plugin:HorizonTempestPlugin |
| cinder_tests | cinder.tests.tempest.plugin:CinderTempestPlugin |
| designate | designate_tempest_plugin.plugin:DesignateTempestPlugin |
+----------------+--------------------------------------------------------+
It seems that the heatintegrationtests (HeatTempestPlugin) are nor properly cleaning up after themselves (maybe a separate bug) because after the tempest run there are around 12 projects that belong to the heat_stack domain. When we run tempest cleanup (we ran tempest cleanup --save-state before the tempest run) we get following error:
Begin cleanup
Process 11 projects
Cleaning project: 19d30893644445fc95eddf10bede6acf-a7487811-5874-4869-a5b3-91b3f08
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/tempest/cmd/cleanup.py", line 97, in take_action
self._cleanup()
File "/usr/lib/python2.7/site-packages/tempest/cmd/cleanup.py", line 152, in _cleanup
self._clean_project(project)
File "/usr/lib/python2.7/site-packages/tempest/cmd/cleanup.py", line 193, in _clean_project
**kwargs))
File "/usr/lib/python2.7/site-packages/tempest/common/credentials_factory.py", line 298, in get_credentials
**params)
File "/usr/lib/python2.7/site-packages/tempest/lib/auth.py", line 648, in get_credentials
creds = auth_provider.fill_credentials()
File "/usr/lib/python2.7/site-packages/tempest/lib/auth.py", line 124, in fill_credentials
auth_data = self.get_auth()
File "/usr/lib/python2.7/site-packages/tempest/lib/auth.py", line 150, in get_auth
self.set_auth()
File "/usr/lib/python2.7/site-packages/tempest/lib/auth.py", line 159, in set_auth
self.cache = self._get_auth()
File "/usr/lib/python2.7/site-packages/tempest/lib/auth.py", line 314, in _get_auth
token, auth_data = auth_func(**auth_params)
File "/usr/lib/python2.7/site-packages/tempest/lib/services/identity/v3/token_client.py", line 183, in get_token
body = self.auth(**kwargs)
File "/usr/lib/python2.7/site-packages/tempest/lib/services/identity/v3/token_client.py", line 132, in auth
resp, body = self.post(self.auth_url, body=body)
File "/usr/lib/python2.7/site-packages/tempest/lib/common/rest_client.py", line 279, in post
return self.request('POST', url, extra_headers, headers, body, chunked)
File "/usr/lib/python2.7/site-packages/tempest/lib/services/identity/v3/token_client.py", line 163, in request
raise exceptions.Unauthorized(resp_body['error']['message'])
Unauthorized: Unauthorized
Details: The request you have made requires authentication.
In the keystone log we get following lines:
2018-04-24 14:42:44.928 23 INFO keystone.common.wsgi [req-c6c7c1db-cce9-4e70-b3f9-eb13f32bc68f d111fd4cf634431cba4b33d8b7d293e2 9894873bc8c3452b81dd196e99064802 - default default] GET http://192.168.24.207:35357/v3/users?name=admin
2018-04-24 14:42:44.970 24 INFO keystone.common.wsgi [req-e4ca2aff-c398-4ee8-9a21-c6b3669d00bb d111fd4cf634431cba4b33d8b7d293e2 9894873bc8c3452b81dd196e99064802 - default default] GET http://192.168.24.207:35357/v3/role_assignments?scope.project.id=9894873bc8c3452b81dd196e99064802
2018-04-24 14:42:44.992 18 INFO keystone.common.wsgi [req-0963cc71-5dc6-42b9-91a6-a27ce5d2e725 d111fd4cf634431cba4b33d8b7d293e2 9894873bc8c3452b81dd196e99064802 - default default] GET http://192.168.24.207:35357/v3/roles
2018-04-24 14:42:45.013 22 INFO keystone.common.wsgi [req-81ba78ee-72fa-4042-bac2-d6f9fbbb14ea d111fd4cf634431cba4b33d8b7d293e2 9894873bc8c3452b81dd196e99064802 - default default] GET http://192.168.24.207:35357/v3/projects
2018-04-24 14:42:45.036 25 INFO keystone.common.wsgi [req-e91c9e7c-72a6-4d70-9235-d5a9cd049a19 d111fd4cf634431cba4b33d8b7d293e2 9894873bc8c3452b81dd196e99064802 - default default] GET http://192.168.24.207:35357/v3/projects/174d1e76b2bd4415aff46b300a4a8852/users/d111fd4cf634431cba4b33d8b7d293e2/roles
2018-04-24 14:42:45.061 29 INFO keystone.common.wsgi [req-931af35a-ce7c-4dfb-b2ee-6deaff3c6009 - - - - -] POST http://172.16.52.19:5000/v3/auth/tokens
2018-04-24 14:42:45.068 29 WARNING keystone.auth.core [req-931af35a-ce7c-4dfb-b2ee-6deaff3c6009 - - - - -] Could not find project: 19d30893644445fc95eddf10bede6acf-a7487811-5874-4869-a5b3-91b3f08.: ProjectNotFound: Could not find project: 19d30893644445fc95eddf10bede6acf-a7487811-5874-4869-a5b3-91b3f08.
2018-04-24 14:42:45.069 29 WARNING keystone.common.wsgi [req-931af35a-ce7c-4dfb-b2ee-6deaff3c6009 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.25.23: Unauthorized: The request you have made requires authentication.
Deleting the project manually by hand with openstack project delete NAME works fine with the admin user (which is also used for the tempest run)
Steps to reproduce:
(overcloud) [stack@undercloud-0 cloud]$ openstack project list ------- ------- ------- ------- +------ ----+ ------- ------- ------- ------- +------ ----+ ea1061840561162 12 | demo | bb795d61a772e47 91 | admin | e86c62b5015c37f 15 | alt_demo | 8a231fc509f299a d5 | service | ------- ------- ------- ------- +------ ----+
+------
| ID | Name |
+------
| 574113dc62b641b
| 5d733d38c049440
| b01b7d2e11914c1
| ff1110058f644c9
+------
(overcloud) [stack@undercloud-0 cloud]$ cat etc/tempest.conf | grep "auth]" -A 7 credentials = true qhZcVgtPIs bb795d61a772e47 91
[auth]
tempest_roles = admin
admin_username = admin
admin_project_name = admin
admin_domain_name = Default
use_dynamic_
admin_password = vh6FCgSmVQLevRt
admin_project_id = 5d733d38c049440
### Notice that my admin user has 'Default' as admin_domain_name.
(overcloud) [stack@undercloud-0 cloud]$ openstack domain list ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+ ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+ aa5b2ff0615943e ce | heat_stack | True | | ------- ------- ------- ------- +------ ------+ ------- --+---- ------- ------- --+
+------
| ID | Name | Enabled | Description |
+------
| 6461240771034ee
| default | Default | True | The default domain |
+------
### Let's create a project with a domain name assigned which is different from admin's domain
(overcloud) [stack@undercloud-0 cloud]$ openstack project create --domain heat_stack test ------- +------ ------- ------- ------- ------- + ------- +------ ------- ------- ------- ------- + aa5b2ff0615943e ce | ebe42b5ceea0db8 d5 | aa5b2ff0615943e ce | ------- +------ ------- ------- ------- ------- + ------- ------- ------- ------- +------ ----+ ------- ------- ------- ------- +------ ----+ ea1061840561162 12 | demo | bb795d61a772e47 91 | admin | e86c62b5015c37f 15 | alt_demo | ebe42b5ceea0db8 d5 | test | 8a231fc509f299a d5 | service | ------- ------- ------- ------- +------ ----+ python3. 6/site- packages/ tempest/ cmd/cleanup. py", line 102, in take_action python3. 6/site- packages/ tempest/ cmd/cleanup. py", line 159, in _cleanup _clean_ project( project) python3. 6/site- packages/ tempest/ cmd/cleanup. py", line 201, in _clean_project
+------
| Field | Value |
+------
| description | |
| domain_id | 6461240771034ee
| enabled | True |
| id | d06b100928d6468
| is_domain | False |
| name | test |
| parent_id | 6461240771034ee
| tags | [] |
+------
(overcloud) [stack@undercloud-0 cloud]$ openstack project list
+------
| ID | Name |
+------
| 574113dc62b641b
| 5d733d38c049440
| b01b7d2e11914c1
| d06b100928d6468
| ff1110058f644c9
+------
(overcloud) [stack@undercloud-0 cloud]$ tempest cleanup
Begin cleanup
Process 1 projects
Cleaning project: test
Traceback (most recent call last):
File "/usr/lib/
self._cleanup()
File "/usr/lib/
self.
File "/usr/lib/
**kwargs))
File "/usr/lib/p...