Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1238862

Summary: Heat cfn api not working properly
Product: Red Hat OpenStack Reporter: Ben Nemec <bnemec>
Component: rhosp-directorAssignee: Ben Nemec <bnemec>
Status: CLOSED ERRATA QA Contact: Amit Ugol <augol>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: DirectorCC: calfonso, dmacpher, jslagle, mburns, rhel-osp-director-maint, rrosa
Target Milestone: gaKeywords: Triaged
Target Release: Director   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-0.8.6-30.el7ost Doc Type: Bug Fix
Doc Text:
Deployed Overclouds configured the Heat CloudFormation API to use an auth_url pointing at localhost. However, Keystone does not listen on localhost. This caused an unusable Heat CloudFormation API. This fix changes the auth_url option in /etc/heat/heat.conf to the IP address where Keystone is listening on the Internal API network. The Heat CloudFormation API now functions correctly.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-05 13:58:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Nemec 2015-07-02 20:24:22 UTC 
Description of problem: The Heat cfn api is configured to use an auth_url pointing at localhost, which does not work because Keystone does not listen on localhost.


Version-Release number of selected component (if applicable): 


How reproducible: Probably always


Steps to Reproduce:
1. Deploy using OSP director
2. Create Heat stack that boots an instance which needs os-collect-config to retrieve metadata from the CFN api.
3.

Actual results: 500 internal server error from CFN api.


Expected results: Metadata successfully retrieved.


Additional info: Value from heat.conf:

[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens


Snippet from the Heat CFN API log:
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Processing request: GET /v1/ Accept: */* process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:50
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:65
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2015-07-02 16:21:06.078 2191 INFO heat.api.aws.ec2token [-] Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens
2015-07-02 16:21:06.080 2191 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
  [snipped traceback]
ConnectionError: ('Connection aborted.', error(111, 'ECONNREFUSED'))
2015-07-02 16:21:06.081 2191 INFO eventlet.wsgi.server [-] 9.1.1.21 - - [02/Jul/2015 16:21:06] "GET /v1/?SignatureVersion=2&AWSAccessKeyId=9ae68f89f7fa46ba91469f92dc02a07a&StackName=baremetal-openstack_bmc_servers-hm6cljyxiyt2-0-npcvubg54y5i&SignatureMethod=HmacSHA256&Signature=pBEc%2BDmPdp%2B7zG1c0%2B%2F4sRQyHdAWu8i5dT3usV77CG0%3D&Action=DescribeStackResource&LogicalResourceId=OpenStackBMCServer HTTP/1.1" 500 2897 0.004833

Note the "Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens"

Can be worked around by manually changing the address in heat.conf and restarting openstack-heat-api-cfn.
Comment 4 Amit Ugol 2015-08-02 17:02:55 UTC 
parameter is set correctly now. tested on openstack-tripleo-heat-templates-0.8.6-45
Comment 6 errata-xmlrpc 2015-08-05 13:58:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549