[Openstack-operators] Ocata heat AWS::CloudFormation::WaitCondition doesn't work
Sergio Traldi
sergio.traldi at pd.infn.it
Tue Jul 3 10:03:19 UTC 2018
Hi,
I have a previous IaaS with Openstack Mitaka version and my heat
template with the AWS wait conditions perfectly working. Now the same
template launch first instance and never launch the second one.
The part of the template useful is:
-----------------------------------------
.......
node1_server_instance:
type: OS::Nova::Server
properties:
name: "node1"
key_name: { get_param: key_name_user }
image: { get_param: image_centos_7 }
flavor: "m1.small"
networks:
- port: { get_resource: pnode1_server_port }
user_data_format: RAW
user_data:
str_replace:
template: |
#!/bin/bash
curl -k -X PUT -H 'Content-Type:application/json' \
-d '{"Status" : "SUCCESS","Reason" : "Configuration
OK","UniqueId" : "NODE1","Data" : "Node1 started Configured."}' \
"$wait_handle$"
params:
$wait_handle$: { get_resource: node1_instance_wait_handle }
node1_instance_wait:
type: "AWS::CloudFormation::WaitCondition"
depends_on: node1_server_instance
properties:
Handle:
get_resource: node1_instance_wait_handle
Timeout: 3600
node1_instance_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
node2_server_instance:
type: OS::Nova::Server
depends_on: node1_instance_wait
properties:
name: "node2"
......
--------------------------------------------------------------------
I try to enter in node1 with ssh and I try to use the curl command with
the $wait_handle$ variable but I obtain a "User is not authorized to
perform action":
curl -k -X PUT -H 'Content-Type:application/json' -d '{"Status" :
"SUCCESS","Reason" : "Configuration OK","UniqueId" : "NODO2","Data" :
"Nodo2 started Configured."}' -i
"https://cloud-test.pd.infn.it:8000/v1/waitcondition/arn%3Aopenstack%3Aheat%3A%3A3beba6dd3f2648378263bc04d9c205fa%3Astacks%2Fvevever%2F66030fe2-56be-4e03-ad07-ce078a5a6f02%2Fresources%2Fnodo1_instance_wait_handle?Timestamp=2018-06-22T13%3A01%3A33Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=38edd7e8c98e4e36b85331d4bca5601b&SignatureVersion=2&Signature=%2BT7%2FQVsHcvEpv63qfIe6wsGgG0enH54vEb%2FoWx5odfM%3D"
HTTP/1.1 403 AccessDenied
Content-Type: application/xml; charset=UTF-8
Content-Length: 149
Date: Fri, 22 Jun 2018 13:04:26 GMT
Connection: close
<ErrorResponse><Error><Message>User is not authorized to perform
action</Message><Code>AccessDenied</Code><Type>Sender</Type></Error></ErrorResponse>
It seems the same error described here in kilo version:
https://bugs.launchpad.net/openstack-ansible/+bug/1515485
I have this Openstack version of keystone and heat in O.S. CentOS7 :
[~]# rpm -qa | grep -e keystone -e heat | sort
openstack-heat-api-8.0.6-1.el7.noarch
openstack-heat-api-cfn-8.0.6-1.el7.noarch
openstack-heat-common-8.0.6-1.el7.noarch
openstack-heat-engine-8.0.6-1.el7.noarch
openstack-keystone-11.0.3-1.el7.noarch
python2-heatclient-1.8.2-1.el7.noarch
python2-keystoneauth1-2.18.0-1.el7.noarch
python2-keystoneclient-3.10.0-1.el7.noarch
python2-keystonemiddleware-4.14.0-1.el7.noarch
python-keystone-11.0.3-1.el7.noarch
I try to add some conf in heat clients but no good try.
Anyone can suggest me something?
Cheers
Sergio
More information about the OpenStack-operators
mailing list