keystoneauth

Usage of internal URL in clouds.yaml causes a 404

Bug #1733052 reported by Tobias Brox on 2017-11-18

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	keystoneauth	Fix Released	High	wangxiyuan

Bug Description

auth_url was set to the internal URL (port 5000 on the controller node), this works fine on openstack version 2.3.1 and 3.8.1, but not on 3.12.0:

    # openstack --os-cloud cloud-admin project list
    +----------------------------------+-----------+
    | ID | Name |
    +----------------------------------+-----------+
    (...)
    # grep auth /etc/openstack/clouds.yaml
        auth:
          auth_url: https://ctrl-test.iaas.h.bitbit.net:5000
        auth:
          auth_url: https://ctrl-test.iaas.h.bitbit.net:5000
    # openstack --version
    openstack 3.8.1

$ openstack --version
openstack 3.12.0

$ grep auth_url clouds.yaml
auth_url: https://ctrl-test.iaas.h.bitbit.net:5000

$ openstack --os-cloud=stage-cloud-admin project list
The resource could not be found. (HTTP 404)

Now, if I change the auth_url to https://iaas-test.redpill-linpro.com/api/identity/v3/ it works fine. One could probably argue that the bug is in my configuration and not in openstack, but still, I think we have a real bug here.

I was digging quite a bit, and found this ...

    (Pdb) bt
      /usr/bin/openstack(10)<module>()
    -> sys.exit(main())
      /usr/lib/python3.6/site-packages/openstackclient/shell.py(213)main()
    -> return OpenStackShell().run(argv)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(134)run()
    -> ret_val = super(OpenStackShell, self).run(argv)
      /usr/lib/python3.6/site-packages/cliff/app.py(279)run()
    -> result = self.run_subcommand(remainder)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(169)run_subcommand()
    -> ret_value = super(OpenStackShell, self).run_subcommand(argv)
      /usr/lib/python3.6/site-packages/cliff/app.py(393)run_subcommand()
    -> self.prepare_to_run_command(cmd)
      /usr/lib/python3.6/site-packages/openstackclient/shell.py(200)prepare_to_run_command()
    -> return super(OpenStackShell, self).prepare_to_run_command(cmd)
      /usr/lib/python3.6/site-packages/osc_lib/shell.py(437)prepare_to_run_command()
    -> self.client_manager.auth_ref
      /usr/lib/python3.6/site-packages/openstackclient/common/clientmanager.py(99)auth_ref()
    -> return super(ClientManager, self).auth_ref
      /usr/lib/python3.6/site-packages/osc_lib/clientmanager.py(239)auth_ref()
    -> self._auth_ref = self.auth.get_auth_ref(self.session)
      /usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py(197)get_auth_ref()
    -> self._plugin = self._do_create_plugin(session)
      /usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py(134)_do_create_plugin()
    -> disc = self.get_discovery(session,
    > /usr/lib/python3.6/site-packages/keystoneauth1/discover.py(515)version_data()
    -> url = _combine_relative_url(self._url, link['href'])
    (Pdb) _combine_relative_url(self._url, link['href'])
    'https://ctrl-test.iaas.h.bitbit.net:5000/api/identity/v3/'

(line numbers may be a bit off, I threw in some extra debug statements into the code)

https://ctrl-test.iaas.h.bitbit.net:5000/api/identity/v3/ is an invalid URL and returns 404.

Tags:

Revision history for this message

s10 (vlad-esten) wrote on 2018-05-11:

This bug exists since keystoneauth version 3.2.0 (Queens). It was introduced in commit https://github.com/openstack/keystoneauth/commit/8b8ff830e89923ca6862362a5d16e496a0c0093c

Revision history for this message

s10 (vlad-esten) wrote on 2018-05-11:

To reproduce this bug, variable public_endpoint in keystone.conf should be set, so all links in version discovery of the internal endpoint will point to the public url href.

s10 (vlad-esten) on 2018-05-20

Changed in keystoneauth:
status:	New → Confirmed

Morgan Fainberg (mdrnstm) on 2018-07-03

Changed in keystoneauth:
status:	Confirmed → Triaged
importance:	Undecided → High

Revision history for this message

s10 (vlad-esten) wrote on 2018-07-03:

http://lists.openstack.org/pipermail/openstack-dev/2018-May/130415.html

Further discussion in IRC: http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-07-03.log.html#t2018-07-03T14:08:29

wangxiyuan (wangxiyuan) on 2018-07-17

Changed in keystoneauth:
assignee:	nobody → wangxiyuan (wangxiyuan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-17: Fix proposed to keystoneauth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/583215

Changed in keystoneauth:
status:	Triaged → In Progress

OpenStack Infra (hudson-openstack) on 2018-07-18

Changed in keystoneauth:
assignee:	wangxiyuan (wangxiyuan) → Adam Young (ayoung)

OpenStack Infra (hudson-openstack) on 2018-07-19

Changed in keystoneauth:
assignee:	Adam Young (ayoung) → wangxiyuan (wangxiyuan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-19: Fix merged to keystoneauth (master)

Reviewed: https://review.openstack.org/583215
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=323f4e4bc4710d42e493eb56e40ba139a84d67b3
Submitter: Zuul
Branch: master

commit 323f4e4bc4710d42e493eb56e40ba139a84d67b3
Author: wangxiyuan <email address hidden>
Date: Tue Jul 17 19:43:21 2018 +0800

Add netloc and version check for version discovery

    If the url netloc in the catalog and service's response
    are not the same, we should choose the catalog's and
    add the version info to it if needed.

Change-Id: If78d368bd505156a5416bb9cbfaf988204925c79
Closes-bug: #1733052

Changed in keystoneauth:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-19: Fix proposed to keystoneauth (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/584053

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-19: Fix included in openstack/keystoneauth 3.10.0

This issue was fixed in the openstack/keystoneauth 3.10.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-25: Fix merged to keystoneauth (stable/queens)

Reviewed: https://review.openstack.org/584053
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=2cc2b039b79a6c4a9550b8568a490d0673d0b545
Submitter: Zuul
Branch: stable/queens

commit 2cc2b039b79a6c4a9550b8568a490d0673d0b545
Author: Vlad Gusev <email address hidden>
Date: Thu Jul 19 21:00:08 2018 +0300

Add netloc and version check for version discovery

    If the url netloc in the catalog and service's response
    are not the same, we should choose the catalog's and
    add the version info to it if needed.

Conflict and change in test is caused by I93ee971125bc0c7a497e1fb839df38ebd38340e1,
I07a602a05f896d7cc70120bd89424e3c553baf9f and Icf855d7892335b093c1083cd0106946d8911010d

    Change-Id: If78d368bd505156a5416bb9cbfaf988204925c79
    Closes-bug: #1733052
    (cherry picked from commit 323f4e4bc4710d42e493eb56e40ba139a84d67b3)

tags:

added: in-stable-queens

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-30: Fix included in openstack/keystoneauth 3.4.1

This issue was fixed in the openstack/keystoneauth 3.4.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.