shadow tenant not working

This appears to be a consequence of the recent changes to nova client 7.0.0 and oslo.context which we dealt with in remote.py but not single-tenant remote.

I have also pointed 165154 to this bug; the issue is the same thing.

@Amrith, may I know the status of this bug? Has it been fixed?

what does it say in lp?

-amrith

On Jun 22, 2017 21:21, "Fei Long Wang" <email address hidden> wrote:

> @Amrith, may I know the status of this bug? Has it been fixed?
>
> --
> You received this bug notification because you are a bug assignee.
> Matching subscriptions: trove-bugs
> https://bugs.launchpad.net/bugs/1662300
>
> Title:
> shadow tenant not working
>
> Status in OpenStack DBaaS (Trove):
> Confirmed
>
> Bug description:
> I'm implementing a shadow tenant for Trove using the documentation on
> trove/common/single_tenant_remote.py.
>
> Here's the problems I found so far:
>
> * the correct import for nova is from novaclient.client import Client as
> NovaClient.
> * the correct use is:
> client = NovaClient('2',username=CONF.nova_proxy_admin_user,
> password=CONF.nova_proxy_admin_pass,
> project_id=CONF.nova_proxy_admin_tenant_name,
> * Cinder and Neutron do not support Keystone v3 so i have to force a
> v2.0 PROXY_AUTH_URL.
> * Cinder client needs to be call like this:
> * client = CinderClient.Client(username=CONF.nova_proxy_admin_user,
> api_key=CONF.nova_proxy_admin_pass,
> project_id=CONF.nova_proxy_
> admin_tenant_name,
> auth_url='https://FORCED:5000/v2.0',
> service_type=CONF.cinder_service_type,
> region_name=CONF.os_region_name)
>
>
> With all this changes I still have a problem:
> http://paste.openstack.org/show/597872/
>
> I'm using Mitaka with a stable/newton branch of Trove. On my cloud
> Trove without the remote_*_client configuration (without shadow
> tenant) works fine.
>
>
> I will really appreciate if someone check this and create the proper
> documentation.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/trove/+bug/1662300/+subscriptions
>
> Launchpad-Notification-Type: bug
> Launchpad-Bug: product=trove; milestone=ocata-3; status=Confirmed;
> importance=High; <email address hidden>;
> Launchpad-Bug-Information-Type: Public
> Launchpad-Bug-Private: no
> Launchpad-Bug-Security-Vulnerability: no
> Launchpad-Bug-Commenters: amrith flwang smorales-linets
> Launchpad-Bug-Reporter: Sergio A. Morales (smorales-linets)
> Launchpad-Bug-Modifier: Fei Long Wang (flwang)
> Launchpad-Message-Rationale: Assignee
> Launchpad-Message-For: amrith
> Launchpad-Subscription: trove-bugs
>

I can't see the status/process, given it's a Ocata-3 and now it's Pike-3, so I asked. And I asked because I'm willing to help.

the status is that it isn't fixed. if you can fix it, fix it please ... but
fair warning, if I were you, I would not make this my #1 thing to try and
fix.

I assure you that you will be unhappy when you realize what it will
involve, and you will most likely be frustrated that you will not be able
to land your change soon.

there is a lot to it but, you are most welcome to reassign the bug to
yourself and try.

-amrith

On Jun 22, 2017 10:11 PM, "Fei Long Wang" <email address hidden> wrote:

> I can't see the status/process, given it's a Ocata-3 and now it's
> Pike-3, so I asked. And I asked because I'm willing to help.
>
> --
> You received this bug notification because you are a bug assignee.
> Matching subscriptions: trove-bugs
> https://bugs.launchpad.net/bugs/1662300
>
> Title:
> shadow tenant not working
>
> Status in OpenStack DBaaS (Trove):
> Confirmed
>
> Bug description:
> I'm implementing a shadow tenant for Trove using the documentation on
> trove/common/single_tenant_remote.py.
>
> Here's the problems I found so far:
>
> * the correct import for nova is from novaclient.client import Client as
> NovaClient.
> * the correct use is:
> client = NovaClient('2',username=CONF.nova_proxy_admin_user,
> password=CONF.nova_proxy_admin_pass,
> project_id=CONF.nova_proxy_admin_tenant_name,
> * Cinder and Neutron do not support Keystone v3 so i have to force a
> v2.0 PROXY_AUTH_URL.
> * Cinder client needs to be call like this:
> * client = CinderClient.Client(username=CONF.nova_proxy_admin_user,
> api_key=CONF.nova_proxy_admin_pass,
> project_id=CONF.nova_proxy_
> admin_tenant_name,
> auth_url='https://FORCED:5000/v2.0',
> service_type=CONF.cinder_service_type,
> region_name=CONF.os_region_name)
>
>
> With all this changes I still have a problem:
> http://paste.openstack.org/show/597872/
>
> I'm using Mitaka with a stable/newton branch of Trove. On my cloud
> Trove without the remote_*_client configuration (without shadow
> tenant) works fine.
>
>
> I will really appreciate if someone check this and create the proper
> documentation.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/trove/+bug/1662300/+subscriptions
>
> Launchpad-Notification-Type: bug
> Launchpad-Bug: product=trove; milestone=ocata-3; status=Confirmed;
> importance=High; <email address hidden>;
> Launchpad-Bug-Information-Type: Public
> Launchpad-Bug-Private: no
> Launchpad-Bug-Security-Vulnerability: no
> Launchpad-Bug-Commenters: amrith flwang smorales-linets
> Launchpad-Bug-Reporter: Sergio A. Morales (smorales-linets)
> Launchpad-Bug-Modifier: Fei Long Wang (flwang)
> Launchpad-Message-Rationale: Assignee
> Launchpad-Message-For: amrith
> Launchpad-Subscription: trove-bugs
>

Yep, given it's blocked since Ocata-3, I can imagine it's a hard code. But you know, without this one, the credentials in guest agent could be leaked. And it's unacceptable for public cloud, even though there is a dedicated RabbitMQ for Trove.

So what I'm going to do is, test and debug to figure out the root cause and work with the Trove team to fix it. Again, I know it's hard when something involving Nova, Neutron, Cinder, etc. But IMHO, we shouldn't stop just because it's hard.

Fix proposed to branch: master
Review: https://review.openstack.org/525123

Change abandoned by Arata Notsu (<email address hidden>) on branch: master
Review: https://review.openstack.org/525123
Reason: I found https://review.openstack.org/#/c/523294

Reviewed: https://review.openstack.org/523294
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=c68562bcaeb386b17fa2924dfadb3018ca6b7b30
Submitter: Zuul
Branch: master

commit c68562bcaeb386b17fa2924dfadb3018ca6b7b30
Author: Andy Botting <email address hidden>
Date: Tue Nov 28 15:32:45 2017 +1100

    Use keystone session for single tenant remote clients

    This class required refactoring to be compatible with newer client
    versions, like Nova. We now remove references to novaclient 1.1
    and reference the nova version through the existing config var.

    We now build a keystone session object which is used to create
    the remote clients, as this method is much easier and appears to
    be the recommended way.

    Closes-Bug: #1662300

    Change-Id: I1fec3b1a4c04332d6a14c89c48463ea390c61d74

This issue was fixed in the openstack/trove 9.0.0.0b3 development milestone.