[Openstack-operators] Ocata heat AWS::CloudFormation::WaitCondition doesn't work

Sergio Traldi sergio.traldi at pd.infn.it
Tue Jul 3 10:03:19 UTC 2018


Hi,

I have a previous IaaS with Openstack Mitaka version and my heat 
template with the AWS wait conditions perfectly working. Now the same 
template launch first instance and never launch the second one.

The part of the template useful is:

-----------------------------------------

.......

  node1_server_instance:
     type: OS::Nova::Server
     properties:
       name: "node1"
       key_name: { get_param: key_name_user }
       image: { get_param: image_centos_7 }
       flavor: "m1.small"
       networks:
         - port: { get_resource: pnode1_server_port }
       user_data_format: RAW
       user_data:
         str_replace:
           template: |
            #!/bin/bash
            curl -k -X PUT -H 'Content-Type:application/json' \
                    -d '{"Status" : "SUCCESS","Reason" : "Configuration 
OK","UniqueId" : "NODE1","Data" : "Node1 started Configured."}' \
                    "$wait_handle$"
           params:
             $wait_handle$: { get_resource: node1_instance_wait_handle }

   node1_instance_wait:
     type: "AWS::CloudFormation::WaitCondition"
     depends_on: node1_server_instance
     properties:
       Handle:
         get_resource: node1_instance_wait_handle
       Timeout: 3600

   node1_instance_wait_handle:
     type: "AWS::CloudFormation::WaitConditionHandle"


    node2_server_instance:
     type: OS::Nova::Server
     depends_on: node1_instance_wait
     properties:
       name: "node2"
......

--------------------------------------------------------------------


I try to enter in node1 with ssh and I try to use the curl command with 
the $wait_handle$ variable but I obtain a "User is not authorized to 
perform action":

curl -k -X PUT -H 'Content-Type:application/json' -d '{"Status" : 
"SUCCESS","Reason" : "Configuration OK","UniqueId" : "NODO2","Data" : 
"Nodo2 started Configured."}' -i 
"https://cloud-test.pd.infn.it:8000/v1/waitcondition/arn%3Aopenstack%3Aheat%3A%3A3beba6dd3f2648378263bc04d9c205fa%3Astacks%2Fvevever%2F66030fe2-56be-4e03-ad07-ce078a5a6f02%2Fresources%2Fnodo1_instance_wait_handle?Timestamp=2018-06-22T13%3A01%3A33Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=38edd7e8c98e4e36b85331d4bca5601b&SignatureVersion=2&Signature=%2BT7%2FQVsHcvEpv63qfIe6wsGgG0enH54vEb%2FoWx5odfM%3D"
HTTP/1.1 403 AccessDenied
Content-Type: application/xml; charset=UTF-8
Content-Length: 149
Date: Fri, 22 Jun 2018 13:04:26 GMT
Connection: close

<ErrorResponse><Error><Message>User is not authorized to perform 
action</Message><Code>AccessDenied</Code><Type>Sender</Type></Error></ErrorResponse>


It seems the same error described here in kilo version:

https://bugs.launchpad.net/openstack-ansible/+bug/1515485


I have this Openstack version of keystone and heat in O.S. CentOS7 :

[~]# rpm -qa | grep -e keystone -e heat | sort
openstack-heat-api-8.0.6-1.el7.noarch
openstack-heat-api-cfn-8.0.6-1.el7.noarch
openstack-heat-common-8.0.6-1.el7.noarch
openstack-heat-engine-8.0.6-1.el7.noarch
openstack-keystone-11.0.3-1.el7.noarch
python2-heatclient-1.8.2-1.el7.noarch
python2-keystoneauth1-2.18.0-1.el7.noarch
python2-keystoneclient-3.10.0-1.el7.noarch
python2-keystonemiddleware-4.14.0-1.el7.noarch
python-keystone-11.0.3-1.el7.noarch

I try to add some conf in heat clients but no good try.

Anyone can suggest me something?

Cheers

Sergio




More information about the OpenStack-operators mailing list