[Openstack] [OpenStack][Trove]Trove taskmanager unauthorized error.
Sam Matzek
matzeksam at gmail.com
Tue Aug 1 12:21:55 UTC 2017
This is likely bug: https://bugs.launchpad.net/trove/+bug/1700586
The code fix is up for review: https://review.openstack.org/#/c/487881/
The code that is impacted by this is the NovaNotificationTransformer,
which is an optional periodic service. You can avoid the error
messages in your logs by disabling the service by not setting
'exists_notification_transformer' in your conf file.
On Tue, Aug 1, 2017 at 6:39 AM, Arvin Wang <hustxnwsg at gmail.com> wrote:
> I think the config 'nova_proxy_admin_pass ' in
> trove.taskmanager.manager.Manager#__init__ means the admin_token in
> keytone.conf for the admin user, not
> the password.
>
> On Tue, Aug 1, 2017 at 11:36 AM, Zhang Fan <zh.f at outlook.com> wrote:
>>
>> Hi guys,
>>
>> Branch is stable/ocata.
>>
>> ________________________________
>> Best wishes.
>>
>>
>> From: Zhang Fan
>> Date: 2017-08-01 10:21
>> To: openstack
>> Subject: [Openstack] [OpenStack][Trove]Trove taskmanager unauthorized
>> error.
>> Hi guys,
>>
>> I recently met an error when creating a trove instance. Here are log
>> details [1]. I checked trove-taskmanager.conf again and again to make sure
>> the trove_auth_url and many other options were currect. But this error was
>> still raised. So I went to the codes to confirm that novaclient was ok,
>> added some codes to log variables but found a strange logic--
>>
>> In function trove.common.remote.nova_client, Line 104, auth_token is
>> assigned with context.auth_token, but context.auth_token is assigned with
>> CONF.nova_proxy_admin_pass in trove.taskmanager.manager.Manager#__init__ ,
>> Line 48. And log infos [2] show that auth_token is my
>> nova_proxy_admin_pass. I go to the /novaclient/client.py , Line 136 shows
>> that if auth_token has value, then token is assigned with auth_token, but
>> auth_token is actually a admin pass.
>>
>> That's really weird.
Historically, putting the password in auth_token was allowed and code
across OpenStack would do it. The projects have moved away from
allowing that.
>>
>> After changing trove.common.remote.nova_client, Line 104, "auth_token =
>> context.auth_token" into "password = context.auth_token", it seems right
>> with auth_token "2017-07-31 18:28:25.818 5504 INFO trove.common.remote [-]
>> ZHF -
>> auth_token-->gAAAAABZfvn8K8E9q5vNkgyvByLmNwytd0MmubrGckaZk6HVnYpgzQzfg_FUjLLpDyR9MF9OPACDuQAPS9vu4VILNBZdXbz3ViTSD2DL6m_4ujWLcwMm6TlrS_1Es1jtKxp4ynuhFx9ENacobj2NdGOHVZGQvXMyXgk0LIOOdoP7vIwOyQGOm0AD3-vGfWTuODiCE6On_bMm".
>>
>> So I am wondering that would you guys please help me with the unauthorized
>> error and the nova_client weird logic? I am not sure it is an issue, but it
>> seems odd.
>>
>> Fan Zhang.
>>
>> [1]. http://paste.ubuntu.com/25210882/
>> [2]. http://paste.ubuntu.com/25211836/
>>
>> ________________________________
>> Best wishes.
>>
>>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
>
>
> --
> Services Computing Technology and System Lab && Cluster and Grid Computing
> Lab.
> School of Computer Science and Technology,
> Huazhong University of Science and Technology,
> Wuhan,430074,China.
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
More information about the Openstack
mailing list