Bug 1812045

Summary:	Openstack keystone API v3 is not supported in Openstack Image or Block Storage external provider
Product:	[oVirt] ovirt-engine	Reporter:	Petr Kubica <pkubica>
Component:	General	Assignee:	bugs <bugs>
Status:	CLOSED DUPLICATE	QA Contact:	Lukas Svaty <lsvaty>
Severity:	high	Docs Contact:
Priority:	medium
Version:	4.3.8.2	CC:	bugs, michal.skrivanek, mtessun
Target Milestone:	---	Keywords:	AutomationBlocker
Target Release:	---	Flags:	mtessun: ovirt-4.4? mtessun: planning_ack+ mtessun: devel_ack? mtessun: testing_ack?
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-03-11 08:20:01 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Integration	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Petr Kubica 2020-03-10 12:34:32 UTC

Description of problem:
https://docs.openstack.org/api-ref/identity/index.html v2.0 is marked as deprecated

It is not possible to change API version when adding Openstack Image provider
(also other Openstack external providers could be affected aswell)
https://blueprints.launchpad.net/keystone/+spec/removed-as-of-queens

And the default predefined port 35357 was deprecated (more info here: https://docs.openstack.org/releasenotes/puppet-keystone/rocky.html, https://bugs.launchpad.net/charm-keystone/+bug/1747972)

I found information about supporting v3 keystone API in oVirt: https://www.ovirt.org/develop/release-management/features/network/openstack_identity_api_v3.html 
but it looks like it is only about Openstack Networking provider and not about the others.

engine.log
2020-03-10 12:42:53,736+01 INFO  [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-1147) [88eb4c5a-9c7e-4b10-9265-e5b78b77a82f] Running command: TestProviderConnectivityCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN
2020-03-10 12:42:53,764+01 ERROR [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy] (default task-1147) [88eb4c5a-9c7e-4b10-9265-e5b78b77a82f] Not Found (OpenStack response error code: 404)
2020-03-10 12:42:53,764+01 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-1147) [88eb4c5a-9c7e-4b10-9265-e5b78b77a82f] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: (Failed with error PROVIDER_FAILURE and code 5050)

keystone_access.log
[10/Mar/2020:12:42:53 +0100] "POST /v2.0/tokens HTTP/1.1" 404 233 "-" "Apache-HttpClient/4.5.2.redhat-2 (Java/1.8.0_232)"

Currently it's not possible to add current Openstack Image provider into RHV.

Version-Release number of selected component (if applicable):
openstack-keystone-16.0.0-1.el7.noarch
openstack-glance-19.0.1-1.el7.noarch
ovirt-engine-4.3.8.2-0.4.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. Add Openstack Image or OpenStack Block Storage
2. Try to change API version to v3 (it's not possible to do that)
3. Test connection

Comment 1 Michal Skrivanek 2020-03-10 12:50:16 UTC

duplicate of 1704349. unauth access should work

Comment 2 Sandro Bonazzola 2020-03-11 08:20:01 UTC


*** This bug has been marked as a duplicate of bug 1704349 ***