[Openstack] [ironic]ironic-python-agent fails to lookup node with 401 status code

Pavlo Shchelokovskyy pshchelokovskyy at mirantis.com
Thu Jan 12 07:42:05 UTC 2017 

Hi,

you shouldn't use the latest master IPA version with ironic as of Mitaka
release.
The ironic API endpoint it tries to contact (v1/lookup...) was introduced
during Newton development and thus is present in ironic API from Newton
release onwards. The fallback to the old lookup endpoint (implemented as
vendor driver passthru) was removed recently from IPA in master branch
(after Newton release). That means your IPA version tries to contact the
ironic API via endpoint that does not exist in this ironic version. Use
ramdisk with IPA built from stable/mitaka or stable/newton branches.

As for the "without any authentication" point - yes, that's the way it
currently works, all communications between IPA and ironic API are not
using Keystone tokens as we still have to figure out a reliable and secure
way to pass tokens or credentials to get them into the ramdisk.

Cheers,

Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com

On Thu, Jan 12, 2017 at 5:13 AM, int32bit <krystism at gmail.com> wrote:

> Hi, All,
>
> I'm a newcomer to Openstack Ironic. Recently, I'm work on deploy ironic
> manually, and I found that the node status 100% *blocked in `callback
> wait` status* until timeout. The ironic-api  log shows that:
>
> 2017-01-12 10:21:00.626 158262 INFO keystonemiddleware.auth_token [-]
> Rejecting request
> 2017-01-12 10:21:00.627 158262 INFO ironic_api [-] 10.0.81.31 "GET
> /v1/lookup?addresses=xxx HTTP/1
>
> I guess the problem is IPA, so I dug into IPA source and traced the
> request process and  found that the IPA client request *without any
> authentication* [1].
>
> [1] https://github.com/openstack/ironic-python-agent/
> blob/master/ironic_python_agent/ironic_api_client.py#L109-L111
>
>
> My ironic version is *5.1.1-1(mitaka) *and *IPA has updated to newest
> version from master branch*.
>
> My config as follows:
>
> ```
> [keystone_authtoken]
> auth_uri=http://xxxx:5000/
> auth_version=v3.0
> identity_uri=http://xxxx:35357/
> admin_user=ironic
> admin_password=IRONIC_PASSWORD
> admin_tenant_name=service
>
> [conductor]
> api_url=http://201.0.0.120:6385 # ensure the node can access
> ```
>
> I'm really not sure if I miss something or something wrong in config.
>
> Thanks for any help!
> krystism
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170112/dae1a2a8/attachment.html>

More information about the Openstack mailing list