[openstack-dev] [api][nova] Openstack HTTP error codes
Jay Faulkner
jay at jvf.cc
Thu Jan 29 23:01:31 UTC 2015
On Jan 29, 2015, at 2:52 PM, Kevin Benton <blak111 at gmail.com<mailto:blak111 at gmail.com>> wrote:
Oh, I understood it a little differently. I took "parsing of error messages here is not the way we’d like to solve this problem" as meaning that parsing them in their current ad-hoc, project-specific format is not the way we want to solve this (e.g. the way tempest does it). But if we had a structured way like the EC2 errors, it would be a much easier problem to solve.
So either way we are still parsing the body, the only difference is that the parser no longer has to understand how to parse Neutron errors vs. Nova errors. It just needs to parse the standard "OpenStack error" format that we come up with.
This would be especially helpful for things like haproxy or other load balancers, as you could then have them put up a static, openstack-formatted JSON error page for their own errors and trust the clients could parse them properly.
-Jay
On Thu, Jan 29, 2015 at 12:04 PM, John Dickinson <me at not.mn<mailto:me at not.mn>> wrote:
I think there are two points. First, the original requirement (in the first email on this thread) is not what's wanted:
"...looking at the response body and HTTP response code an external system can’t understand what exactly went wrong. And parsing of error messages here is not the way we’d like to solve this problem."
So adding a response body to parse doesn't solve the problem. The request as I read it is to have a set of well-defined error codes to know what happens.
Second, my response is a little tongue-in-cheek, because I think the IIS response codes are a perfect example of extending a common, well-known protocol with custom extensions that breaks existing clients. I would hate to see us do that.
So if we can't subtly break http, and we can't have error response documents, then we're left with custom error codes in the particular response-code class. eg 461 SecurityGroupNotFound or 462 InvalidKeyName (from the original examples)
--John
> On Jan 29, 2015, at 11:39 AM, Brant Knudson <blk at acm.org<mailto:blk at acm.org>> wrote:
>
>
>
> On Thu, Jan 29, 2015 at 11:41 AM, Sean Dague <sean at dague.net<mailto:sean at dague.net>> wrote:
> Correct. This actually came up at the Nova mid cycle in a side
> conversation with Ironic and Neutron folks.
>
> HTTP error codes are not sufficiently granular to describe what happens
> when a REST service goes wrong, especially if it goes wrong in a way
> that would let the client do something other than blindly try the same
> request, or fail.
>
> Having a standard json error payload would be really nice.
>
> {
> fault: ComputeFeatureUnsupportedOnInstanceType,
> messsage: "This compute feature is not supported on this kind of
> instance type. If you need this feature please use a different instance
> type. See your cloud provider for options."
> }
>
> That would let us surface more specific errors.
>
> Today.... there is a giant hodgepodge - see:
>
> https://github.com/openstack/tempest-lib/blob/master/tempest_lib/common/rest_client.py#L412-L424
>
> https://github.com/openstack/tempest-lib/blob/master/tempest_lib/common/rest_client.py#L460-L492
>
> Especially blocks like this:
>
> if 'cloudServersFault' in resp_body:
> message =
> resp_body['cloudServersFault']['message']
> elif 'computeFault' in resp_body:
> message = resp_body['computeFault']['message']
> elif 'error' in resp_body:
> message = resp_body['error']['message']
> elif 'message' in resp_body:
> message = resp_body['message']
>
> Standardization here from the API WG would be really great.
>
> -Sean
>
> On 01/29/2015 09:11 AM, Roman Podoliaka wrote:
> > Hi Anne,
> >
> > I think Eugeniya refers to a problem, that we can't really distinguish
> > between two different badRequest (400) errors (e.g. wrong security
> > group name vs wrong key pair name when starting an instance), unless
> > we parse the error description, which might be error prone.
> >
> > Thanks,
> > Roman
> >
> > On Thu, Jan 29, 2015 at 6:46 PM, Anne Gentle
> > <annegentle at justwriteclick.com<mailto:annegentle at justwriteclick.com>> wrote:
> >>
> >>
> >> On Thu, Jan 29, 2015 at 10:33 AM, Eugeniya Kudryashova
> >> <ekudryashova at mirantis.com<mailto:ekudryashova at mirantis.com>> wrote:
> >>>
> >>> Hi, all
> >>>
> >>>
> >>> Openstack APIs interact with each other and external systems partially by
> >>> passing of HTTP errors. The only valuable difference between types of
> >>> exceptions is HTTP-codes, but current codes are generalized, so external
> >>> system can’t distinguish what actually happened.
> >>>
> >>>
> >>> As an example two different failures below differs only by error message:
> >>>
> >>>
> >>> request:
> >>>
> >>> POST /v2/790f5693e97a40d38c4d5bfdc45acb09/servers HTTP/1.1
> >>>
> >>> Host: 192.168.122.195:8774<http://192.168.122.195:8774/>
> >>>
> >>> X-Auth-Project-Id: demo
> >>>
> >>> Accept-Encoding: gzip, deflate, compress
> >>>
> >>> Content-Length: 189
> >>>
> >>> Accept: application/json
> >>>
> >>> User-Agent: python-novaclient
> >>>
> >>> X-Auth-Token: 2cfeb9283d784cfba694f3122ef413bf
> >>>
> >>> Content-Type: application/json
> >>>
> >>>
> >>> {"server": {"name": "demo", "imageRef":
> >>> "171c9d7d-3912-4547-b2a5-ea157eb08622", "key_name": "test", "flavorRef":
> >>> "42", "max_count": 1, "min_count": 1, "security_groups": [{"name": "bar"}]}}
> >>>
> >>> response:
> >>>
> >>> HTTP/1.1 400 Bad Request
> >>>
> >>> Content-Length: 118
> >>>
> >>> Content-Type: application/json; charset=UTF-8
> >>>
> >>> X-Compute-Request-Id: req-a995e1fc-7ea4-4305-a7ae-c569169936c0
> >>>
> >>> Date: Fri, 23 Jan 2015 10:43:33 GMT
> >>>
> >>>
> >>> {"badRequest": {"message": "Security group bar not found for project
> >>> 790f5693e97a40d38c4d5bfdc45acb09.", "code": 400}}
> >>>
> >>>
> >>> and
> >>>
> >>>
> >>> request:
> >>>
> >>> POST /v2/790f5693e97a40d38c4d5bfdc45acb09/servers HTTP/1.1
> >>>
> >>> Host: 192.168.122.195:8774<http://192.168.122.195:8774/>
> >>>
> >>> X-Auth-Project-Id: demo
> >>>
> >>> Accept-Encoding: gzip, deflate, compress
> >>>
> >>> Content-Length: 192
> >>>
> >>> Accept: application/json
> >>>
> >>> User-Agent: python-novaclient
> >>>
> >>> X-Auth-Token: 24c0d30ff76c42e0ae160fa93db8cf71
> >>>
> >>> Content-Type: application/json
> >>>
> >>>
> >>> {"server": {"name": "demo", "imageRef":
> >>> "171c9d7d-3912-4547-b2a5-ea157eb08622", "key_name": "foo", "flavorRef":
> >>> "42", "max_count": 1, "min_count": 1, "security_groups": [{"name":
> >>> "default"}]}}
> >>>
> >>> response:
> >>>
> >>> HTTP/1.1 400 Bad Request
> >>>
> >>> Content-Length: 70
> >>>
> >>> Content-Type: application/json; charset=UTF-8
> >>>
> >>> X-Compute-Request-Id: req-87604089-7071-40a7-a34b-7bc56d0551f5
> >>>
> >>> Date: Fri, 23 Jan 2015 10:39:43 GMT
> >>>
> >>>
> >>> {"badRequest": {"message": "Invalid key_name provided.", "code": 400}}
> >>>
> >>>
> >>> The former specifies an incorrect security group name, and the latter an
> >>> incorrect keypair name. And the problem is, that just looking at the
> >>> response body and HTTP response code an external system can’t understand
> >>> what exactly went wrong. And parsing of error messages here is not the way
> >>> we’d like to solve this problem.
> >>
> >>
> >> For the Compute API v 2 we have the shortened Error Code in the
> >> documentation at
> >> http://developer.openstack.org/api-ref-compute-v2.html#compute_server-addresses
> >>
> >> such as:
> >>
> >> Error response codes
> >> computeFault (400, 500, …), serviceUnavailable (503), badRequest (400),
> >> unauthorized (401), forbidden (403), badMethod (405), overLimit (413),
> >> itemNotFound (404), buildInProgress (409)
> >>
> >> Thanks to a recent update (well, last fall) to our build tool for docs.
> >>
> >> What we don't have is a table in the docs saying "computeFault has this
> >> longer Description" -- is that what you are asking for, for all OpenStack
> >> APIs?
> >>
> >> Tell me more.
> >>
> >> Anne
> >>
> >>
> >>>
> >>>
> >>> Another example for solving this problem is AWS EC2 exception codes [1]
> >>>
> >>>
> >>> So if we have some service based on Openstack projects it would be useful
> >>> to have some concrete error codes(textual or numeric), which could allow to
> >>> define what actually goes wrong and later correctly process obtained
> >>> exception. These codes should be predefined for each exception, have
> >>> documented structure and allow to parse exception correctly in each step of
> >>> exception handling.
> >>>
> >>>
> >>> So I’d like to discuss implementing such codes and its usage in openstack
> >>> projects.
> >>>
> >>>
> >>> [1] -
> >>> http://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html
> >>>
> >>> __________________________________________________________________________
> >>> OpenStack Development Mailing List (not for usage questions)
> >>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >>>
> >>
> >>
> >>
> >> --
> >> Anne Gentle
> >> annegentle at justwriteclick.com<mailto:annegentle at justwriteclick.com>
> >>
> >> __________________________________________________________________________
> >> OpenStack Development Mailing List (not for usage questions)
> >> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >>
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
> --
> Sean Dague
> http://dague.net<http://dague.net/>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> When I developed a REST API, I used a simple error document format:
>
> { "text" : "error text", "operation" : "operation name", "id" : "error ID", "data" : { "data ID" : "data value", ... } }
>
> which would differentiate the errors given the same HTTP response codes. The docs for each operation say what the error IDs are.
>
> This worked well for me. I'd like to see the OS APIs pick up something like this. Problem is we'd need to bump the API version.
>
> - Brant
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Kevin Benton
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150129/b4c39d95/attachment.html>
More information about the OpenStack-dev
mailing list