Bug 1166295

Summary: Permission issue refreshing OSP 5
Product: Red Hat CloudForms Management Engine Reporter: Bill Helgeson <bhelgeso>
Component: ApplianceAssignee: Josh Carter <jocarter>
Status: CLOSED DUPLICATE QA Contact: Dave Johnson <dajohnso>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.3.0CC: bhelgeso, jhardy, jocarter, jrafanie, xlecauch
Target Milestone: GA   
Target Release: 5.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-08 15:07:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bill Helgeson 2014-11-20 18:15:45 UTC 
Description of problem: We have a fresh install it seems that validate workes fine as admin user however refresh is using a different tenant id than admin.

 
               I am receiving the below error when connecting cloudforms to osp. I am using the admin username and password. The credentials validate successfully using the cloudforms validate button. debug emails copied below.
 
 
This log is from a ui after the inventory was invoked.
 
[----] E, [2014-11-20T16:27:18.883089 #1935:1246804] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
  response => #<Excon::Response:0x0000000ae2d8f8 @data={:body=>"{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}", :headers=>{"Www-Authenticate"=>"Keystone uri=\"http://10.21.148.90:5000\"", "Vary"=>"X-Auth-Token", "Content-Type"=>"application/json", "Content-Length"=>"114", "Date"=>"Thu, 20 Nov 2014 16:27:15 GMT"}, :status=>401, :remote_ip=>"10.21.148.90"}, @body="{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}", @headers={"Www-Authenticate"=>"Keystone uri=\"http://10.21.148.90:5000\"", "Vary"=>"X-Auth-Token", "Content-Type"=>"application/json", "Content-Length"=>"114", "Date"=>"Thu, 20 Nov 2014 16:27:15 GMT"}, @status=401, @remote_ip="10.21.148.90">>
 
 
This log is from a worker after the inventory was invoked.
[----] E, [2014-11-20T11:26:16.698546 #30603:b6308c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T11:26:29.063776 #30603:b6308c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T11:26:38.414619 #30603:b6308c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000015949], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T11:26:38.414731 #30603:b6308c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T11:26:38.414781 #30603:b6308c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T13:26:37.740267 #3015:3a6088] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T13:26:50.040027 #3015:3a6088] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T13:26:59.484912 #3015:3a6088] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000018044], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T13:26:59.485052 #3015:3a6088] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T13:26:59.485104 #3015:3a6088] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T15:26:55.649482 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:27:06.946184 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:27:14.187247 #7898:4ef87c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000020161], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T15:27:14.187396 #7898:4ef87c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T15:27:14.187447 #7898:4ef87c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T15:34:56.032232 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:34:59.209804 #7898:4ef87c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000020306], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T15:34:59.209913 #7898:4ef87c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T15:34:59.209961 #7898:4ef87c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
 

I see the following:
 
2014-11-20 16:32:48.991 30483 WARNING keystone.token.controllers [-] User b69398f579d64121b057c36764b3d315 is unauthorized for
tenant ed3e66082fcf433ba9d644dbc9f97f3e
2014-11-20 16:32:48.992 30483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authen
tication. from 172.17.10.23
 
I will decode and get back to you.

The user you are using below is admin but the tenant you’re trying to validate against is the service tenant, you should be using the uuid for admin tenant.
 
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| e07cc4ae77dc4ac48ffffbbede98dbe7 |  admin   |   True  |
| ed3e66082fcf433ba9d644dbc9f97f3e | services |   True  |
+----------------------------------+----------+---------+
 
 
2014-11-20 16:32:48.991 30483 WARNING keystone.token.controllers [-] User b69398f579d64121b057c36764b3d315 is unauthorized for
tenant ed3e66082fcf433ba9d644dbc9f97f3e
2014-11-20 16:32:48.992 30483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authen
tication. from 172.17.10.23


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Josh Carter 2014-11-20 21:06:34 UTC 
Hi, 

Looks like a openstack volume error. 


Replace the following section in /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb

   def parse_volume(volume)
      if (attachment = volume.attachments.first)
        server_id = attachment["server_id"]
        vm = @data_index.fetch_path(:vms, server_id)
      end
      uid = volume.id
      new_result = {
        :ems_ref           => uid,
        :name              => volume.display_name,
        :status            => volume.status,
        :bootable          => volume.attributes['bootable'],
        :creation_time     => volume.created_at,
        :description       => volume.display_description,
        :volume_type       => volume.volume_type,
        :snapshot_uid      => volume.snapshot_id,
        :size              => volume.size.to_i.gigabytes,
        :tenant            => @data_index.fetch_path(:cloud_tenants, volume.attributes['os-vol-tenant-attr:tenant_id']),
        :availability_zone => @data_index.fetch_path(:availability_zones, volume.availability_zone || "null_az"),
      }

      volume.attachments.each do |a|
        dev = File.basename(a['device'])
        vm = @data_index.fetch_path(:vms, a['server_id'])
        disks = vm[:hardware][:disks]

        if (disk = disks.detect { |d| d[:location] == dev })
          disk[:size] = new_result[:size]
        else
          disk = add_instance_disk(disks, new_result[:size], dev, "OpenStack Volume")
        end

        if disk
          disk[:backing]      = new_result
          disk[:backing_type] = 'CloudVolume'
        end
      end

      return uid, new_result
    end

with https://github.com/ManageIQ/manageiq/blob/master/vmdb/app/models/ems_refresh/parsers/openstack.rb#L394-L435


Add the following line. 

https://github.com/ManageIQ/manageiq/blob/master/vmdb/app/models/ems_refresh/parsers/openstack.rb#L395


restart the evmserverd and then issue a refresh relationship and power states on the openstack env.
Comment 4 Josh Carter 2014-12-08 15:07:38 UTC 

*** This bug has been marked as a duplicate of bug 1165305 ***