Thanks François for your reply,

Have you seen the original authentication error during the running

Le jeu. 19 sept. 2019 à 15:22, Francois Scheurer <francois.scheurer@everyware.ch> a écrit :

Hello Hervé


I tried again, this time defining explictitly all parameters, including action_region and snapshot_id.

The results were same as previously: it works when executing the workflow directly but fails with a cron trigger.

Or to be more precise, the cron trigger execution "succeeds" but the resulting volume backup fails :

Thanks François for your reply,

Have you seen the original authentication error during this execution?

If not then I guess you missed some params during your first tries which introduced the authentication issue.

I guess then that the volume backup fails is another issue, not related to the first authentication issue...

(.venv) ewfsc@ewos1-kolla1-stage:~$ openstack volume backup show -f json abe96cb1-a5e1-4035-87dd-b4292101a921
{
  "status": "error",
  "object_count": 0,
  "fail_reason": "Container PUT failed: http://rgw.service.stage.i.ewcs.ch/swift/v1/AUTH_aeac4b07d8b144178c43c65f29fa9dac/volumebackups 401 Unauthorized   AccessDenied",
  "description": null,
  "name": "fsc-vol-1-img-vol-bak",
  "availability_zone": "ch-zh1-az1",
  "created_at": "2019-09-19T13:15:02.000000",
  "volume_id": "c0022411-59a4-4c7c-9474-c7ea8ccc7691",
  "updated_at": "2019-09-19T13:15:04.000000",
  "data_timestamp": "2019-09-19T12:38:02.000000",
  "has_dependent_backups": false,
  "snapshot_id": "b4b174eb-e6d2-4f66-8070-212e3e7e6114",
  "container": "volumebackups",
  "size": 1,
  "id": "abe96cb1-a5e1-4035-87dd-b4292101a921",
  "is_incremental": false
}

Best Regards

Francois


Details:

Workflow
    ---
    version: "2.0"
    create_vol_backup:
      type: direct
      input:
        - volume_id
        - container
        - name
        - incremental
        - force
        - action_region
        - snapshot_id

      tasks:
        create_vol_backup:
          action: cinder.backups_create volume_id=<% $.volume_id %> name=<% $.name %> container=<% $.container %> incremental=<% $.incremental %> force=<% $.force %> action_region=<% $.action_region%> snapshot_id=<% $.snapshot_id %>
          publish:
            backup_id: <% task(create_vol_backup).result %>
            create_state: SUCCESS
          publish-on-error:
            create_state: ERROR

Input
    {
        "volume_id": "c0022411-59a4-4c7c-9474-c7ea8ccc7691",
        "container": "volumebackups",
        "name": "fsc-vol-1-img-vol-bak",
        "incremental": "false",
        "force": "true",
        "action_region": "ch-zh1",
        "snapshot_id": "b4b174eb-e6d2-4f66-8070-212e3e7e6114"
    }

Params
    {
        "namespace": "",
        "env": {},
        "task_name": "create_vol_backup_task"
    }


On 9/19/19 2:28 PM, Francois Scheurer wrote:

Hi Herve


Thank you for your reply.

I am using the same input & params as when executing the workflow directly from horizon (successfully):

    {
        "incremental": "false",
        "force": "true",
        "name": "fsc-create-vol-backup",
        "volume_id": "c0022411-59a4-4c7c-9474-c7ea8ccc7691"
    }

    {
        "namespace": "",
        "env": {},
        "task_name": "create_vol_backup_task"
    }

Maybe I need some additional params when executing via cron?

I will try specfying the objectstore container explicitly.


Best Regards

Francois




On 9/19/19 1:18 PM, Herve Beraud wrote:
Hello François,

Given your error, are you sure your cron task load the right config with the right authorized user or something related?

Le jeu. 19 sept. 2019 à 11:51, Francois Scheurer <francois.scheurer@everyware.ch> a écrit :
Dear All


We are using Mistral with  Openstack Rocky. (with federated users)
We could then use cron triggers for instance with
nova.servers_create_image or cinder.volume_snapshots_create with success.


But we hit an issue with cinder.backups_create .

This call will stores the backup on our swift backend (ceph rgw).
The workflow works when executed directly but it fails when executed via
cron trigger:

2019-09-17 10:46:04.525 8 ERROR oslo_messaging.rpc.server
ClientException: Container PUT failed:
http://rgw.service.stage.i.ewcs.ch/swift/v1/AUTH_aeac4b07d8b144178c43c65f29fa9dac/volumebackups
401 Unauthorized   AccessDenied

See details below.





Cheers

Francois
-- 


EveryWare AG
François Scheurer
Senior Systems Engineer
Zurlindenstrasse 52a
CH-8003 Zürich

tel: +41 44 466 60 00
fax: +41 44 466 60 10
mail: francois.scheurer@everyware.ch
web: http://www.everyware.ch 


--
Hervé Beraud
Senior Software Engineer
Red Hat - Openstack Oslo
irc: hberaud
-----BEGIN PGP SIGNATURE-----

wsFcBAABCAAQBQJb4AwCCRAHwXRBNkGNegAALSkQAHrotwCiL3VMwDR0vcja10Q+
Kf31yCutl5bAlS7tOKpPQ9XN4oC0ZSThyNNFVrg8ail0SczHXsC4rOrsPblgGRN+
RQLoCm2eO1AkB0ubCYLaq0XqSaO+Uk81QxAPkyPCEGT6SRxXr2lhADK0T86kBnMP
F8RvGolu3EFjlqCVgeOZaR51PqwUlEhZXZuuNKrWZXg/oRiY4811GmnvzmUhgK5G
5+f8mUg74hfjDbR2VhjTeaLKp0PhskjOIKY3vqHXofLuaqFDD+WrAy/NgDGvN22g
glGfj472T3xyHnUzM8ILgAGSghfzZF5Skj2qEeci9cB6K3Hm3osj+PbvfsXE/7Kw
m/xtm+FjnaywZEv54uCmVIzQsRIm1qJscu20Qw6Q0UiPpDFqD7O6tWSRKdX11UTZ
hwVQTMh9AKQDBEh2W9nnFi9kzSSNu4OQ1dRMcYHWfd9BEkccezxHwUM4Xyov5Fe0
qnbfzTB1tYkjU78loMWFaLa00ftSxP/DtQ//iYVyfVNfcCwfDszXLOqlkvGmY1/Y
F1ON0ONekDZkGJsDoS6QdiUSn8RZ2mHArGEWMV00EV5DCIbCXRvywXV43ckx8Z+3
B8qUJhBqJ8RS2F+vTs3DTaXqcktgJ4UkhYC2c1gImcPRyGrK9VY0sCT+1iA+wp/O
v6rDpkeNksZ9fFSyoY2o
=ECSj
-----END PGP SIGNATURE-----