[Openstack] Heat: 2014.1.2-0 vs Keystone

Kieran Spear kispear at gmail.com
Tue Aug 26 03:42:26 UTC 2014


Hi David,

If you're using the templated catalog, by default you won't be able to
get a v3 token. You'll need to either:

1) Switch to the SQL catalog backend, or
2) Apply this fix to Keystone: https://bugs.launchpad.net/keystone/+bug/1313458

Cheers,
Kieran



On 26 August 2014 07:39, David Hill <david.hill at ubisoft.com> wrote:
> Hi guys,
>
>
>
>                 It appears that in Icehouse (well in my setup and probably
> the setup of some other guys too) the catalog won't be returned when the
> keystone v3 api is being used....
>
> What am I missing?
>
>
>
> [root at labctrl ~]# keystone catalog
>
> 'NoneType' object has no attribute 'has_service_catalog'
>
>
>
>
>
> Catalog:
>
> catalog.RegionOne.identity.publicURL = http://IP:$(public_port)s/v3
>
> catalog.RegionOne.identity.adminURL = http://IP:$(admin_port)s/v3
>
> catalog.RegionOne.identity.internalURL = http://IP:$(public_port)s/v3
>
> catalog.RegionOne.identity.name = Identity Service
>
>
>
>
>
> Keystone-paste.ini
>
> [pipeline:api_v3]
>
> pipeline = sizelimit url_normalize build_auth_context token_auth
> admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension
> simple_cert_extension service_v3
>
>
>
> Thanks,
>
>
>
> Dave
>
>
>
>
>
> From: David Hill
> Sent: 25-Aug-14 4:11 PM
> To: openstack
> Subject: Re: [Openstack] Heat: 2014.1.2-0 vs Keystone
>
>
>
> Hi guys,
>
>
>
> This is what heat-engine gets back :
>
> RESP BODY: {"token": {"methods": ["token"], "roles": [{"id":
> "59bd5c58fe344eeab3bc3443b82155a0", "name": "Member"}, {"id":
> "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}, {"id":
> "c119300b61bb4bfeafdf9ccc8ea3efae", "name": "Admin"}, {"id":
> "e80ca12406714be799fc9066d5978dbb", "name": "Owner"}], "expires_at":
> "2014-08-26T20:07:11.000000Z", "project": {"domain": {"id": "default",
> "name": "Default"}, "id": "85bcc32e66b54c8bb52f28cb58319758", "name":
> "monitoring"}, "catalog": {}, "extras": {}, "user": {"domain": {"id":
> "default", "name": "Default"}, "id": "ccba454033204a7ba96b67ddaaacf00a",
> "name": "monitoring"}, "issued_at": "2014-08-25T20:07:12.589937Z"}}
>
> _send_request /usr/lib/python2.6/site-packages/keystoneclient/session.py:297
>
>
>
> Notice the catalog": {} ?  I'm not sure but... shouldn't contain the actual
> catalog?
>
>
>
> Dave
>
>
>
> From: David Hill
> Sent: 25-Aug-14 4:41 AM
> To: 'openstack'
> Subject: Heat: 2014.1.2-0 vs Keystone
>
>
>
> Hi guys,
>
>
>
>       I'm trying to get Heat to work ... but everytime I try to create a
> stack, the engine will fail at getting the catalog.
>
> Since everything is working fine (ceilometer,nova,cinder,glance), am I
> forgetting something?
>
>
>
> StackValidationFailed_Remote: Property error : WikiDatabase: ImageId The
> service catalog is empty.
>
>
>
>
>
> Here is the catalog:
>
> catalog.RegionOne.identity.publicURL = http://IP:$(public_port)s/v2.0
>
> catalog.RegionOne.identity.adminURL = http://IP:$(admin_port)s/v2.0
>
> catalog.RegionOne.identity.internalURL = http://IP:$(public_port)s/v2.0
>
> catalog.RegionOne.identity.name = Identity Service
>
> catalog.RegionOne.compute.publicURL = http://IP:8774/v2/$(tenant_id)s
>
> catalog.RegionOne.compute.adminURL = http://IP:8774/v2/$(tenant_id)s
>
> catalog.RegionOne.compute.internalURL = http://IP:8774/v2/$(tenant_id)s
>
> catalog.RegionOne.compute.name = Compute Service
>
> catalog.RegionOne.volume.publicURL = http://IP:8776/v1/$(tenant_id)s
>
> catalog.RegionOne.volume.adminURL = http://IP:8776/v1/$(tenant_id)s
>
> catalog.RegionOne.volume.internalURL = http://IP:8776/v1/$(tenant_id)s
>
> catalog.RegionOne.volume.name = Volume Service
>
> catalog.RegionOne.ec2.publicURL = http://IP:8773/services/Cloud
>
> catalog.RegionOne.ec2.adminURL = http://IP:8773/services/Admin
>
> catalog.RegionOne.ec2.internalURL = http://IP:8773/services/Cloud
>
> catalog.RegionOne.ec2.name = EC2 Service
>
> catalog.RegionOne.image.publicURL = http://IP:9292/
>
> catalog.RegionOne.image.adminURL = http://IP:9292/
>
> catalog.RegionOne.image.internalURL = http://IP:9292/
>
> catalog.RegionOne.image.name = Image Service
>
> catalog.RegionOne.object_store.publicURL =
> http://IP:8080/v1/AUTH_$(tenant_id)s
>
> catalog.RegionOne.object_store.adminURL = http://IP:8080/
>
> catalog.RegionOne.object_store.internalURL =
> http://IP:8080/v1/AUTH_$(tenant_id)s
>
> catalog.RegionOne.object_store.name = Swift Service
>
> catalog.RegionOne.cloudformation.publicURL = http://IP:8000/v1
>
> catalog.RegionOne.cloudformation.adminURL = http://IP:8000/v1
>
> catalog.RegionOne.cloudformation.internalURL = http://IP:8000/v1
>
> catalog.RegionOne.cloudformation.name = Heat CloudFormation API
>
> catalog.RegionOne.heat.publicURL = http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.heat.adminURL = http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.heat.internalURL = http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.heat.name = Heat API
>
> catalog.RegionOne.orchestration.publicURL = http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.orchestration.adminURL = http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.orchestration.internalURL =
> http://IP:8004/v1/$(tenant_id)s
>
> catalog.RegionOne.orchestration.name = Heat API
>
> catalog.RegionOne.ceilometer.publicURL = http://IP:8777/
>
> catalog.RegionOne.ceilometer.adminURL = http://IP:8777/
>
> catalog.RegionOne.ceilometer.internalURL = http://IP:8777/
>
> catalog.RegionOne.ceilometer.name = Ceilometer Metering
>
> catalog.RegionOne.metering.publicURL = http://IP:8777/
>
> catalog.RegionOne.metering.adminURL = http://IP:8777/
>
> catalog.RegionOne.metering.internalURL = http://IP:8777/
>
> catalog.RegionOne.metering.name = Ceilometer Metering
>
>
>
>
>
>
>
> /etc/heat/heat.conf
>
>
>
>
>
> [DEFAULT]
>
> verbose = True
>
> debug = True
>
> use_stderr = False
>
> log_file = /var/log/heat/engine.log
>
> use_syslog = False
>
> heat_stack_user_role = heat_stack_user
>
> instance_connection_is_secure = 0
>
> instance_connection_https_validate_certificates = 1
>
> bind_host = 0.0.0.0
>
> bind_port = 8001
>
> heat_metadata_server_url = http://IP:8000
>
> heat_waitcondition_server_url = http://IP:8000/v1/waitcondition
>
> heat_watch_server_url = http://IP:8003
>
> sql_connection = mysql://USER:PASSWORD@IP/heat
>
> db_backend=heat.db.sqlalchemy.api
>
> rpc_backend=heat.openstack.common.rpc.impl_kombu
>
> auth_encryption_key=AUTH_KEY
>
> rabbit_host=localhost
>
> rabbit_port=5672
>
>
>
> [keystone_authtoken]
>
> admin_tenant_name = TENANT
>
> admin_user = USER
>
> admin_password = PASSWORD
>
> auth_host = IP
>
> auth_port = 35357
>
> auth_protocol = http
>
> auth_uri = http://IP:5000/v2.0
>
> admin_token = TOKEN
>
>
>
> [ec2authtoken]
>
> auth_uri http://IP:5000/v2.0
>
>
>
> [paste_deploy]
>
> api_paste_config=api-paste.ini
>
> flavor = keystone
>
>
>
>
>
>
>
> api-paste.ini
>
>
>
> [pipeline:heat-api]
>
> pipeline = versionnegotiation authurl authtoken context apiv1app
>
> [pipeline:heat-api-keystone]
>
> pipeline = versionnegotiation authurl authtoken context apiv1app
>
> [pipeline:heat-api-cfn]
>
> pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app
>
> [pipeline:heat-api-cfn-standalone]
>
> pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app
>
> [app:apicwapp]
>
> paste.app_factory = heat.common.wsgi:app_factory
>
> heat.app_factory = heat.api.cloudwatch:API
>
> [app:apicfnv1app]
>
> paste.app_factory = heat.common.wsgi:app_factory
>
> heat.app_factory = heat.api.cfn.v1:API
>
> [filter:cfnversionnegotiation]
>
> paste.filter_factory = heat.common.wsgi:filter_factory
>
> heat.filter_factory = heat.api.cfn:version_negotiation_filter
>
> [filter:ec2authtoken]
>
> paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory
>
> [pipeline:heat-api-cloudwatch]
>
> pipeline = versionnegotiation ec2authtoken authtoken context apicwapp
>
> [pipeline:heat-api-cloudwatch-standalone]
>
> pipeline = versionnegotiation ec2authtoken context apicwapp
>
> [pipeline:heat-api-cfn-keystone]
>
> pipeline = versionnegotiation authurl authtoken context apiv1app
>
> [pipeline:heat-api-cloudwatch-keystone]
>
> pipeline = versionnegotiation authurl authtoken context apiv1app
>
> [pipeline:heat-api-custombackend]
>
> pipeline = versionnegotiation context custombackendauth apiv1app
>
> [pipeline:heat-api-caching]
>
> pipeline = versionnegotiation authurl authtoken context cache apiv1app
>
> [pipeline:heat-api-keystone+caching]
>
> pipeline = versionnegotiation authurl authtoken context cache apiv1app
>
> [pipeline:heat-api-cachemanagement]
>
> pipeline = versionnegotiation authurl authtoken context cache cachemanage
> apiv1app
>
> [pipeline:heat-api-keystone+cachemanagement]
>
> pipeline = versionnegotiation auth-context cache cachemanage apiv1app
>
> [app:apiv1app]
>
> paste.app_factory = heat.common.wsgi:app_factory
>
> heat.app_factory = heat.api.openstack.v1:API
>
> [filter:versionnegotiation]
>
> paste.filter_factory = heat.common.wsgi:filter_factory
>
> heat.filter_factory = heat.api.openstack:version_negotiation_filter
>
> [filter:cache]
>
> paste.filter_factory = heat.common.wsgi:filter_factory
>
> heat.filter_factory = heat.api.middleware.cache:CacheFilter
>
> [filter:cachemanage]
>
> paste.filter_factory = heat.common.wsgi:filter_factory
>
> heat.filter_factory = heat.api.middleware.cache_manage:CacheManageFilter
>
> [filter:context]
>
> paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory
>
> [filter:authurl]
>
> paste.filter_factory = heat.common.auth_url:filter_factory
>
> [filter:authtoken]
>
> paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
>
> [filter:auth-context]
>
> paste.filter_factory = heat.common.wsgi:filter_factory
>
> heat.filter_factory =
> keystone.middleware.heat_auth_token:KeystoneContextMiddleware
>
> [filter:custombackendauth]
>
> paste.filter_factory = heat.common.custom_backend_auth:filter_factory
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>




More information about the Openstack mailing list