Bug 1354053

Summary: Not able to start master because of cloud config.
Product: OpenShift Container Platform Reporter: Eric Rich <erich>
Component: NodeAssignee: Seth Jennings <sjenning>
Status: CLOSED ERRATA QA Contact: DeShuai Ma <dma>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aos-bugs, jokerman, mmccomas, tdawson, wmeng
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: atomic-openshift-3.2.0.1-1.git.0.51d2d0c.el7 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-27 09:39:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Rich 2016-07-08 20:53:28 UTC 
Description of problem:

Master will not start, and is reporting: 

> ERROR: could not init cloud provider "openstack": You must provide exactly one of DomainID or DomainName to authenticate by Username

Version-Release number of selected component (if applicable): 3.1
How reproducible: Unconfirmed 

Steps to Reproduce:
1. create /etc/cloud.conf with the following per the docs: https://docs.openshift.com/enterprise/3.1/install_config/configuring_openstack.html

[Global]
auth-url = https://openstack.example.com:443/v3
username = "14666788 OTC00000000001000000815"
password = "xxxxxxxx"
tenant-id = "OTC00000000001000000815"
region = "nova"
domain-name = "OTC00000000001000000815"

1.2. This also seems to fail if the domain-id is uesed, instead of the domain-name. 

domain-id = "OTC00000000001000000815"

Actual results:

> ERROR: could not init cloud provider "openstack": You must provide exactly one of DomainID or DomainName to authenticate by Username

Expected results:

Master should start, and be able to integrate and work with OpenStack. 


Additional info:

Commit: https://github.com/openshift/origin/commit/f7ec568ee8077e340765d3a7e780299028128eed that added the functionality. 

Code Walk: 

  https://github.com/openshift/origin/blob/master/pkg/cmd/server/kubernetes/master_config.go#L155-L158
   https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/plugins.go#L92                           << ERROR [1]
     https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/openstack.go#L123
       https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/openstack.go#L155
         - https://github.com/go-gcfg/gcfg/blob/v1/read.go#L52-L152
       https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/openstack.go#L225
         https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/openstack.go#L131
       https://github.com/rackspace/gophercloud/blob/master/openstack/client.go#L71-L86
         https://github.com/rackspace/gophercloud/blob/master/openstack/client.go#L88-L109
         https://github.com/rackspace/gophercloud/blob/master/openstack/client.go#L182
           https://github.com/rackspace/gophercloud/blob/master/openstack/identity/v3/tokens/requests.go#L124-L127   
             https://github.com/rackspace/gophercloud/blob/master/openstack/identity/v3/tokens/errors.go#L53        << ERROR [2] 

In short no, debugging in this code (as it relates to reading or creating the config) can be enabled to help explain why the config is not being read properly, or why a user might see this error.
Comment 1 Eric Rich 2016-07-08 21:10:20 UTC 
This might be related to https://github.com/kubernetes/kubernetes/issues/25066 however its not clear because this error should be seen before authentication is done. 

> https://github.com/rackspace/gophercloud/blob/master/openstack/identity/v3/tokens/requests.go#L124-L127 

The error is thrown in creating the authentication client (in the middle of the authentication methods).
Comment 2 Seth Jennings 2016-07-11 20:52:21 UTC 
There is conflicting information here.  Bug is filed against 3.2 but c0 says 3.1.  

If this is indeed 3.1, it lacks the cloud provider code to handle v3 identity service.  In particular, the domain name and id code was added in upstream Kubernetes 1.2 (https://github.com/kubernetes/kubernetes/commit/3eae589)

I was able to reproduce on 3.1.1.6

However, it should work for OSE 3.2.
Comment 3 Seth Jennings 2016-07-12 14:11:53 UTC 
Assuming this is 3.1, in which case, this is fixed in the current release.  QE can verify.
Comment 4 Weihua Meng 2016-07-13 09:43:37 UTC 
Verified on openshift v3.3.0.4
Fixed.
If correct openstack configuration used, openshift master running.
If openstack configuration is incorrect, openshift master cannot start and reason is given. "could not init cloud provider "openstack"
no string like "domain-id" found.

NOTE: If openstack configuration is incorrect, openshift master could not start.
Comment 6 errata-xmlrpc 2016-09-27 09:39:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933