Bug 717646

Summary: launching instances for a provider w/ multiple provider accounts fails to launch in the correct provider account
Product: [Retired] CloudForms Cloud Engine Reporter: Shveta <ssachdev>
Component: aeolus-conductorAssignee: Ian McLeod <imcleod>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.3.1CC: akarol, cpelland, dajohnso, deltacloud-maint, dgao, ssachdev, whayutin
Target Milestone: beta   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-05 18:57:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Shveta 2011-06-29 13:24:41 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Add different provider account for ec2-us-west-1 (Ex: me and aziza , we both added two provider accounts for ec2-us-west-1 with our respective credentials)
2. using aeolus-image launched an instance
3. Image was launched in aziza's account or say in any one out of the two accounts for ec2-us-west-1

How will it be decided which account the image will be launched in ?

It can be checked at https://snowstorm.lab.eng.pnq.redhat.com/conductor/
  
Actual results:


Expected results:


Additional info:
=================================================================
[root@snowstorm ~]# aeolus-image build --target ec2 --template template2.tpl 

Target Image: 19917836-2869-4bee-a244-0ba70181c8ad
Image: 6846d310-2050-4d17-a75f-4542fa8f3530
Build: e99e37ab-1418-445a-8d5a-5b3fcef5611a
Status: COMPLETED
Percent Complete: 100

==========================================================================
[root@snowstorm ~]# aeolus-image push --provider ec2-us-west-1 --id 6846d310-2050-4d17-a75f-4542fa8f3530

Provider Image: 7903deb9-22c6-4ae5-a9e6-4a44e0594ce3
Image: 6846d310-2050-4d17-a75f-4542fa8f3530
Build: e99e37ab-1418-445a-8d5a-5b3fcef5611a
Status: New
Percent Complete: 0
===============================================
[root@snowstorm ~]# vi /var/www/html/deployables.xml 
<deployable name="Sample">
 <description>This is an example deployment</description>
 <assemblies>
  <assembly name="frontend1" hwp="hwp1">
   <image id="6846d310-2050-4d17-a75f-4542fa8f3530">
   </image>
  </assembly>
 </assemblies>
</deployable

=======================================================================

Instance is launched .
Comment 1 wes hayutin 2011-06-29 13:45:08 UTC 
basically the bug is that we are not supporting multiple provider accounts per region w/ the aeolus-image tool
Comment 2 wes hayutin 2011-06-29 13:56:31 UTC 
 
<weshay> jayg hey dude.. are we supporting multiple provider accounts for the same provider w/ the aeolus-image yet?
<jayg> no, factory does not support that (aeolus-image doesn't care)
<jayg> it will support it, but not yet
<jayg> what it does now, I think, is to just grab the first account for a provider that it finds
<weshay> k
<jayg> there are a number of implementation details tbd


Leaving the bug on "NEW", but removed tracker for beta
Comment 3 Shveta 2011-07-04 10:03:35 UTC 
OK so only one provider account is supported in all regions ...
which means if i add a provider account for east first i will not be able to launch images in any other region (west etc ) . Similarly if i add account for west first , i can't launch images for east .

So its not one provider account per region . Its one provider account per account ??

I have tried this if i add account for west and then east and then try to launch image for east , the credentials of first added account are used as shown in the logs below :




===== imagefactory.log-===================


011-07-04 15:19:12,276 DEBUG imagefactory.ImageWarehouse.ImageWarehouse pid(4550) Message: Setting metadata ({'latest_build': '1addbc8b-7bc0-48ba-8786-090d34df3421'}) for http://localhost:9090/images/f2c84026-ec61-4c9d-84f2-c20df0443dc3
2011-07-04 15:19:12,317 DEBUG imagefactory.ImageWarehouse.ImageWarehouse pid(4550) Message: Setting metadata ({'latest_unpushed': None}) for http://localhost:9090/images/f2c84026-ec61-4c9d-84f2-c20df0443dc3
2011-07-04 15:19:12,360 DEBUG imagefactory.BuildJob.BuildAdaptor pid(4550) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed status from PUSHING to COMPLETED
2011-07-04 15:24:04,883 DEBUG imagefactory.qmfagent.ImageFactoryAgent.ImageFactoryAgent pid(4550) Message: Method called: name = push_image 
 args = {'credentials': '<provider_accounts>\n<provider_account>\n<name>aziza_west</name>\n<provider>ec2-us-west-1</provider>\n<provider_type>ec2</provider_type>\n<provider_credentials>\n  <ec2_credentials>\n    <access_key>AKIAJRCPNVJYQBHCOBEA</access_key>\n    <account_number>9598-0080-3741</account_number>\n    <certificate>-----BEGIN CERTIFICATE-----\nMIICdzCCAeCgAwIBAgIGAMp5gVrbMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT\nAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT\nGEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0xMTA2MTAxMTA2NTNaFw0xMjA2\nMDkxMTA2NTNaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw\nFQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMMjI1Z3IyZjdmaWQxMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEp03pE8x4/5OtS+s781Kg8dcPaIdG\n2v0p0p/ThiL53+xClt+XlmvuXf+iitMg/AuixrLwWkzqwRhNsd+jkYpC9Kw+L2vM\nDB7QqlD+RnsCPD+jS9qfWxN9GbmFRBX/cRRnxMgjHGySr7EqwWhMdkG7LS5wFAgz\nHhhOC8MP/pSb+QIDAQABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww\nCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUoadVSDUsc1bkQ3v5\nnQUV40arcIswDQYJKoZIhvcNAQEFBQADgYEACA7o+5lt3S8ZReIn59mln12WW135\nk9bQ1tq8JEa4G2Nd1Eo4kOGiaBudCZH4TIshioeg/0WAL69AlDeLKtOXJK7eS/Ef\nlI7LF9g7EH/SD+52XMzza3NHhRmxFggbyEdSEnRRV8nFVohL03cgXTyLo/9GIAI4\ng/uXFnLKJkY9xRs=\n-----END CERTIFICATE-----\n</certificate>\n    <key>-----BEGIN PRIVATE KEY-----&#xD;\nMIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAISnTekTzHj/k61L6zvzUqDx1w9o&#xD;\nh0ba/SnSn9OGIvnf7EKW35eWa+5d/6KK0yD8C6LGsvBaTOrBGE2x36ORikL0rD4va8wMHtCqUP5G&#xD;\newI8P6NL2p9bE30ZuYVEFf9xFGfEyCMcbJKvsSrBaEx2QbstLnAUCDMeGE4Lww/+lJv5AgMBAAEC&#xD;\ngYB+be6FnIcfM4eOfXMf2lMAbj6owtlboM/1Ened5JRlTxQgiydjlMwdjZ1dT67WGyMD6xkUlxwE&#xD;\nCjGdq1AY11fMBVy+GCsnVCG160020SnOQ8AIekG1LHLqE3XkmubSTQYUkIzki5mMWwdgcoUJiQCq&#xD;\nwD1vNqc0V6juGpzWLywOGQJBAL9WIELcOhZLVCBu5h/s2yB5oKb8HrhmCQQ2/VTR9fxPiYhHkLg1&#xD;\nlnLnPgLW8+B4MrUpfMghoIiH9K3Wc6tlg6cCQQCxfBqb1wquH3KduTL4NxY1SAFfTwylwl64nRSs&#xD;\ncCgIETds1XjB6gQL/CqO67nLAFCFTDWAz3xd6uLADgB73VdfAkA37p9jrCk21zJygLi44G52Idf6&#xD;\nuHzqfrloCAMqRm5YIZAczH7bup6OXFbeUaPdHIYGO2iEwH/DKas3HheWJQjFAkA1HMppsGSFzuth&#xD;\nv7Y9CV8f+rhOaT2DrTLjVD6Hi9iu8VgAvbExdnJXk9K4ilpDIYj3GuM39N9my4+noYkLiCVJAkAN&#xD;\nyySVMWVSKAS3OLwLUD+R47WNOQKBVJ4XIggI7e4EpilBTTy6wWIl2e5Sq45+ifZEAkzINogEIC1N&#xD;\nr6epvtYb&#xD;\n-----END PRIVATE KEY-----</key>\n    <secret_access_key>KQaCCub8PfyshHi7SvNOupRSbozSduObirlMUpvo</secret_access_key>\n  </ec2_credentials>\n</provider_credentials>\n</provider_account>\n<provider_account>\n<name>ssachdev</name>\n<provider>ec2-us-east-1</provider>\n<provider_type>ec2</provider_type>\n<provider_credentials>\n  <ec2_credentials>\n    <access_key>AKIAI2KPFDYVZKSRTJMQ</access_key>\n    <account_number>8571-4451-8821</account_number>\n    <certificate>-----BEGIN CERTIFICATE-----\nMIICdzCCAeCgAwIBAgIGAMJXMqKzMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT\nAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT\nGEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0xMDAzMTUwODQ4MzJaFw0xMTAz\nMTUwODQ4MzJaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw\nFQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMOGdjNnE3cWxyeHdyMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+sHEOT+GdxxqRmnC2cqzBX+fbbtm\nD/wV0X8kgHhjYkPhPPTVpf1E2hOuqXjAuSSOQdSiCYtfaoIz6BwF0IKOiGqH9mXW\nbM8SZKadGY61fa0D2lqLAYfed25g28PCWqmcJlzzi8faS4Qpoli17gZtmhbATsYq\nJjY8DnP5OHzbZQIDAQABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww\nCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUG80Ae0eU2DZLCkJs\nU4My6hBhkHYwDQYJKoZIhvcNAQEFBQADgYEAXHh
Comment 4 Shveta 2011-07-05 12:36:33 UTC 
*** Bug 700478 has been marked as a duplicate of this bug. ***
Comment 5 wes hayutin 2011-07-05 14:28:53 UTC 
Shveta.. us-east is a provider.. us-west is a provider .. so if you have one provider account for each.  You can launch in us-east and us-west... you should be OK

If you have realms setup for each.. the correct credentials should be used for each build.. 

It sounds like that may not be the case.
Comment 6 wes hayutin 2011-07-05 14:40:57 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=714286

Shveta does this bug answer the question? ^
Comment 7 Shveta 2011-07-05 15:39:34 UTC 
*** Bug 714286 has been marked as a duplicate of this bug. ***
Comment 8 Shveta 2011-07-05 15:46:04 UTC 
This is similar as bug 714286.

The Exact scenario is :
I have two provider accounts : a) accnt_east  for ec2_us_east_1
                               b) accnt_west  for ec2_us_west_1

two realms                   : a) us-east mapped to ec2_us_east_1
                               b) us-west mapped to ec2_us_west_1

Now , if i have added accnt_east first and try to launch image for us-east
it works fine and gets launched .
Then if i try to launch image for  accnt_west (realm us-west ) it uses the credentials of accnt_east only and hance fails (as seen in the imagefactory.log) 

So , the image is tried to launch in the account which is first added (east or west )
I hope its clear now ..
Comment 9 wes hayutin 2011-07-05 18:57:20 UTC 
multiple provider accounts not supported for providers now
Comment 10 wes hayutin 2011-07-11 00:32:32 UTC 
removing from tracker
Comment 11 wes hayutin 2011-12-08 14:14:11 UTC 
perm close