Bug 1123542

Summary: file templated catalogs do not work in protocol v3
Product: [Community] RDO Reporter: Fabrice A. Marie <fabrice>
Component: openstack-keystoneAssignee: Alan Pevec <apevec>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Abrams <mabrams>
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: apevec, ayoung, mabrams, nkinder, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-25 17:54:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Catalog driver generates v3 catalog from v2 catalog none

Description Fabrice A. Marie 2014-07-26 03:27:50 UTC 
Created attachment 921121 [details]
Catalog driver generates v3 catalog from v2 catalog

Hi,

Description of problem:
When using file template backed catalog (not sql backed catalog) over keystone v3 api, the user's catalog returned during authentication is empty,
and heat-engine fails with:

2014-07-25 16:53:45.475 39121 WARNING keystoneclient.httpclient [-] Failed to retrieve management_url from token
2014-07-25 16:53:45.476 39121 ERROR heat.engine.parser [req-e4a09015-fea3-4805-a344-72198a5cfd5d None] Property error : server1: image The service catalog is empty.
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser Traceback (most recent call last):
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/parser.py", line 356, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     result = res.validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/resources/server.py", line 872, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     super(Server, self).validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 646, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     return self.properties.validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/properties.py", line 313, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     raise exception.StackValidationFailed(message=msg)
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser StackValidationFailed: Property error : server1: image The service catalog is empty.
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser 
2014-07-25 16:53:45.477 39121 DEBUG heat.openstack.common.rpc.amqp [req-e4a09015-fea3-4805-a344-72198a5cfd5d None] Expected exception during message handling (Property error : server1: image The service catalog is empty.) _process_data /usr/lib/python2.6/site-packages/heat/openstack/common/rpc/amqp.py:473

Version-Release number of selected component (if applicable):
Centos/RHEL 6.5 fully up to date
openstack-keystone-2014.1.1-1

How reproducible:
Always.

Steps to Reproduce:
1. Configure keystone to use file backed catalog driver:
grep -i catalog /etc/keystone/keystone.conf
[catalog]
template_file=/etc/keystone/catalog.templates
driver=keystone.catalog.backends.templated.Catalog

2. Updates your endpoints in /etc/keystone/catalog.templates
3. Restart keystone
4. In heat, create a stack, and it will fail with the above error message.


Actual results:
 "Expected exception during message handling (Property error : server1: image The service catalog is empty.)"
The response received from keystone by heat-engine is:
 RESP: [201] {'x-subject-token': 'MIID5gYJKoZIhvcNAQcCoIID1zCCA9MCAQExCTAHBgUrDgMCGjCCAh8GCSqGSIb3DQEHAaCCAhAEggIMeyJ0b2tlbiI6IHsibWV0aG9kcyI6IFsidG9rZW4iXSwgInJvbGVzIjogW3siaWQiOiAiOWZlMmZmOWVlNDM4NGIxODk0YTkwODc4ZDNlOTJiYWIiLCAibmFtZSI6ICJfbWVtYmVyXyJ9LCB7ImlkIjogImRiYTU5OTBiOTYxYjQwYTdiNjUwOTQ2OWE4MDJjZGE1IiwgIm5hbWUiOiAiYWRtaW4ifV0sICJleHBpcmVzX2F0IjogIjIwMTQtMDctMjVUMDk6NTM6NDQuMDAwMDAwWiIsICJwcm9qZWN0IjogeyJkb21haW4iOiB7ImlkIjogImRlZmF1bHQiLCAibmFtZSI6ICJEZWZhdWx0In0sICJpZCI6ICI0NWU3NWRiMTc3ZjI0MDk0ODY1YjBhNjQwOGUyN2E0YiIsICJuYW1lIjogImFkbWluIn0sICJjYXRhbG9nIjoge30sICJleHRyYXMiOiB7fSwgInVzZXIiOiB7ImRvbWFpbiI6IHsiaWQiOiAiZGVmYXVsdCIsICJuYW1lIjogIkRlZmF1bHQifSwgImlkIjogIjliN2ViNjQ0YTYzNzQ3YTY4OGY0Y2RhMWNiOGQ0ZjZlIiwgIm5hbWUiOiAiYWRtaW4ifSwgImlzc3VlZF9hdCI6ICIyMDE0LTA3LTI1VDA4OjUzOjQ1LjM2ODM0M1oifX0xggGeMIIBmgIBATB5MHQxCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlTaW5nYXBvcmUxEjAQBgNVBAcMCVNpbmdhcG9yZTEbMBkGA1UECgwSS2liaW4gTGFicyBQdGUgTHRkMSAwHgYDVQQDDBdLZXlzdG9uZSBDQSBDZXJ0aWZpY2F0ZQIBADAHBgUrDgMCGjANBgkqhkiG9w0BAQEFAASCAQCsyjG6jVJHSXpHoYU9Zf0XiVlQHwbQmBbLI85RMWIdjxSX6Qq1pBp+UB3syGxd-J1q6J76XmCvbPSerxhar2vxtkzulljI9ltshOLGlfCaY7r8bIFOAdxD7XvQk8uL77KxfwBU8WzI9x30lsSQ7p2qJZSWyl4-F4nF3jmAaQzN6d3NWMGL8gY+Oeia048Xg+7SeuEJqvy0enGRaLjR+IBsh-SZLr1Dv9bn0hZ3S36oJ8vtf9+KRx7ogjbUULHQ1jVIL3wUuOYnYntpDHw7s650gFUqUW1YZJDeCthIkPUR6x3L5FECJvkCW9baVmicNNi4Hi8MK8PwWHXyjx1176WE', 'content-type': 'application/json', 'content-length': '524', 'vary': 'X-Auth-Token', 'date': 'Fri, 25 Jul 2014 08:53:45 GMT'}
RESP BODY: {"token": {"methods": ["token"], "roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}, {"id": "dba5990b961b40a7b6509469a802cda5", "name": "admin"}], "expires_at": "2014-07-25T09:53:44.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "45e75db177f24094865b0a6408e27a4b", "name": "admin"}, "catalog": {}, "extras": {}, "user": {"domain": {"id": "default", "name": "Default"}, "id": "9b7eb644a63747a688f4cda1cb8d4f6e", "name": "admin"}, "issued_at": "2014-07-25T08:53:45.368343Z"}}
 _send_request /usr/lib/python2.6/site-packages/keystoneclient/session.py:297

[You can see there's no catalog]

Expected results:
No error message.

Additional info:
A fixed has already be developed:
https://review.openstack.org/#/c/70630/
Patch was merged in master branch, but works perfectly well in icehouse branch.

Please find attached a patch to the latest openstack-keystone source rpm:
diffstat v3_catalogs.patch 
 0004-catalog-driver-generates-v3-catalog-from-v2-catalog.patch |  178 ++++++++++
 openstack-keystone.spec                                        |    8 
 2 files changed, 185 insertions(+), 1 deletion(-)

I've tested it and it fixes the issue with heat and empty catalogs.

Hope this helps.

Regards,
Fabrice.
Comment 1 Alan Pevec 2015-03-19 22:59:37 UTC 
Backported to stable/icehouse and released in 2014.1.3
Comment 2 Alan Pevec 2015-03-19 23:32:52 UTC 
Keystone 2014.1.4 update is https://review.gerrithub.io/221759
Comment 3 Mike Abrams 2015-11-17 06:05:17 UTC 
can you elaborate on:
2. Updates your endpoints in /etc/keystone/catalog.templates

...also, what heat stack create command should i use to reproduce?
Comment 4 Alan Pevec 2015-11-25 17:54:31 UTC 
RDO Icehouse is EOL but upstream fix https://review.openstack.org/#/q/I1646c7dcab90f2e0e9e370f48f7ee3643bd2fe3d,n,z has been merged and is available in the latest update.

But I'm not sure if templated catalog is recommended at all, Nathan?

Re. comment 3 - look at that file, it should be self-explaining.
Default is all localhost URLs, which need to be adjusted unless you have AIO setup.
Comment 5 Nathan Kinder 2016-01-20 01:26:18 UTC 
(In reply to Alan Pevec from comment #4)
> But I'm not sure if templated catalog is recommended at all, Nathan?

The SQL backend is preferred, as it will let you manage the catalog endpoints via the API.