[Openstack] [openstack] [Murano] [Heat] token authorization issue

Joel Cooklin joel.cooklin at gmail.com
Fri Dec 6 21:47:54 UTC 2013


Hi Folks,



I am working on getting Murano .3 deployed in our Grizzly based
environment (Heat 2013.1.4) and ran into an authorization issue
between murano and heat.  When the heat-engine processes the message
to create the stack it ignores the token and chokes on the
username/password/tenant combination.    I found this bug reported by
the heat guys that seemed related so I tried changing
‘muranoconductor/commands/cloud_formation.py’ to use the heat
username/password rather than badusername/badpassword (line ~61) and
after adding the service user to my tenant it seems like I’m past this
issue however I’d be interested on feedback on a better (longer term)
way to address or workaround this issue.



Thanks,

Joel


/var/log/heat/engine.log:
211 2013-12-05 08:04:30.778 23905 INFO heat.engine.resource [-]
creating SecurityGroup "MuranoDefaultSecurityGroup"
212 2013-12-05 08:04:30.889 23905 DEBUG heat.openstack.common.rpc.amqp
[-] UNIQUE_ID is 95a6dfecee3f43ea87a7da7fac30804e. _add_unique_id
/usr/lib/python2.7/dist-packages/heat/openstack/common/rpc/amqp.py:337
213 2013-12-05 08:04:30.949 23905 DEBUG heat.openstack.common.rpc.amqp
[-] received {u'_context_roles': [u'_member_', u'Member'], u'_msg_id':
u'fbcab7f1290c4e2280830afb51867ac4', u'args': {u'stack_name':
u'eeff8c463e4d04ec393308de711fc5a73'}, u'_con    text_password': None,
u'_context_auth_url': u'https://XXXX.com:5000/v2.0',
u'_context_aws_auth_uri': None, u'_context_service_tenant':
u'services', u'_context_service_password': u'heat_pass',
u'_context_aws_creds': None, u'_cont    ext_service_user': u'heat',
u'_context_tenant': u'jc_proj1', u'_context_auth_token':
'<SANITIZED>', u'_context_is_admin': True, u'version': u'1.0',
u'_context_tenant_id': u'c6bfa9cc92cd40ff88a2fa2fe2228c7b',
u'_unique_id': u'b0e159a24bc0490cb188    a887fd1f2f40', u'method':
u'identify_stack', u'_context_username': None} _safe_log
/usr/lib/python2.7/dist-packages/heat/openstack/common/rpc/common.py:276
214 2013-12-05 08:04:30.950 23905 DEBUG heat.openstack.common.rpc.amqp
[-] unpacked context: {'username': None, 'service_user': u'heat',
'service_tenant': u'services', 'roles': [u'_member_', u'Member'],
'aws_auth_uri': None, 'tenant_id': u'c6bfa9cc9
2cd40ff88a2fa2fe2228c7b', 'auth_token': '<SANITIZED>',
'service_password': u'heat_pass', 'auth_url':
u'https:/XXXX:5000/v2.0', 'is_admin': True, 'password': None,
'aws_creds': None, 'tenant': u'jc_proj1'} _safe_log /usr/lib
/python2.7/dist-packages/heat/openstack/common/rpc/common.py:276
215 2013-12-05 08:04:30.973 23905 DEBUG heat.openstack.common.rpc.amqp
[-] UNIQUE_ID is cf98a56147ea4d308731424555ca2bc1. _add_unique_id
/usr/lib/python2.7/dist-packages/heat/openstack/common/rpc/amqp.py:337
216 2013-12-05 08:04:30.977 23905 DEBUG heat.openstack.common.rpc.amqp
[-] UNIQUE_ID is 883220cabacc4d66bcc1c3ad2dde4b4e. _add_unique_id
/usr/lib/python2.7/dist-packages/heat/openstack/common/rpc/amqp.py:337
217 2013-12-05 08:04:30.981 23905 ERROR heat.engine.resource [-]
create SecurityGroup "MuranoDefaultSecurityGroup"
218 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource Traceback
(most recent call last):
219 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 320,
in create
220 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
self.handle_create()
221 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resources/security_group.py",
line 39, in handle_create
222 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
groups = self.nova().security_groups.list()
223 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/resource.py", line 286,
in nova
224 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
return self.stack.clients.nova(service_type)
225 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/heat/engine/clients.py", line 110,
in nova
226 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
client.authenticate()
227 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/v1_1/client.py", line
169, in authenticate
228 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
self.client.authenticate()
229 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/client.py", line 330, in
authenticate
230 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
auth_url = self._v2_auth(auth_url)
231 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/client.py", line 407, in
_v2_auth
232 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
self._authenticate(url, body)
233 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/client.py", line 419, in
_authenticate
234 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource     **kwargs)
235 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/client.py", line 199, in
_time_request
236 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource     resp,
body = self.request(url, method, **kwargs)
237 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource   File
"/usr/lib/python2.7/dist-packages/novaclient/client.py", line 193, in
request
238 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource     raise
exceptions.from_response(resp, body, url, method)
239 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
Unauthorized: Could not find user: badusername (HTTP 401)
240 2013-12-05 08:04:30.981 23905 TRACE heat.engine.resource
241 2013-12-05 08:04:31.352 23905 WARNING heat.engine.service [-]
Stack create failed, state ROLLBACK_COMPLETE




More information about the Openstack mailing list