1123542 – file templated catalogs do not work in protocol v3

RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/

Bug 1123542 - file templated catalogs do not work in protocol v3

Summary: file templated catalogs do not work in protocol v3

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RDO
Classification:	Community
Component:	openstack-keystone
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Alan Pevec
QA Contact:	Mike Abrams
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-26 03:27 UTC by Fabrice A. Marie
Modified:	2016-04-26 20:45 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-25 17:54:31 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Catalog driver generates v3 catalog from v2 catalog (9.52 KB, patch) 2014-07-26 03:27 UTC, Fabrice A. Marie	no flags	Details \| Diff
View All

Description Fabrice A. Marie 2014-07-26 03:27:50 UTC

Created attachment 921121 [details]
Catalog driver generates v3 catalog from v2 catalog

Hi,

Description of problem:
When using file template backed catalog (not sql backed catalog) over keystone v3 api, the user's catalog returned during authentication is empty,
and heat-engine fails with:

2014-07-25 16:53:45.475 39121 WARNING keystoneclient.httpclient [-] Failed to retrieve management_url from token
2014-07-25 16:53:45.476 39121 ERROR heat.engine.parser [req-e4a09015-fea3-4805-a344-72198a5cfd5d None] Property error : server1: image The service catalog is empty.
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser Traceback (most recent call last):
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/parser.py", line 356, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     result = res.validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/resources/server.py", line 872, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     super(Server, self).validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 646, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     return self.properties.validate()
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser   File "/usr/lib/python2.6/site-packages/heat/engine/properties.py", line 313, in validate
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser     raise exception.StackValidationFailed(message=msg)
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser StackValidationFailed: Property error : server1: image The service catalog is empty.
2014-07-25 16:53:45.476 39121 TRACE heat.engine.parser 
2014-07-25 16:53:45.477 39121 DEBUG heat.openstack.common.rpc.amqp [req-e4a09015-fea3-4805-a344-72198a5cfd5d None] Expected exception during message handling (Property error : server1: image The service catalog is empty.) _process_data /usr/lib/python2.6/site-packages/heat/openstack/common/rpc/amqp.py:473

Version-Release number of selected component (if applicable):
Centos/RHEL 6.5 fully up to date
openstack-keystone-2014.1.1-1

How reproducible:
Always.

Steps to Reproduce:
1. Configure keystone to use file backed catalog driver:
grep -i catalog /etc/keystone/keystone.conf
[catalog]
template_file=/etc/keystone/catalog.templates
driver=keystone.catalog.backends.templated.Catalog

2. Updates your endpoints in /etc/keystone/catalog.templates
3. Restart keystone
4. In heat, create a stack, and it will fail with the above error message.


Actual results:
 "Expected exception during message handling (Property error : server1: image The service catalog is empty.)"
The response received from keystone by heat-engine is:
 RESP: [201] {'x-subject-token': 'MIID5gYJKoZIhvcNAQcCoIID1zCCA9MCAQExCTAHBgUrDgMCGjCCAh8GCSqGSIb3DQEHAaCCAhAEggIMeyJ0b2tlbiI6IHsibWV0aG9kcyI6IFsidG9rZW4iXSwgInJvbGVzIjogW3siaWQiOiAiOWZlMmZmOWVlNDM4NGIxODk0YTkwODc4ZDNlOTJiYWIiLCAibmFtZSI6ICJfbWVtYmVyXyJ9LCB7ImlkIjogImRiYTU5OTBiOTYxYjQwYTdiNjUwOTQ2OWE4MDJjZGE1IiwgIm5hbWUiOiAiYWRtaW4ifV0sICJleHBpcmVzX2F0IjogIjIwMTQtMDctMjVUMDk6NTM6NDQuMDAwMDAwWiIsICJwcm9qZWN0IjogeyJkb21haW4iOiB7ImlkIjogImRlZmF1bHQiLCAibmFtZSI6ICJEZWZhdWx0In0sICJpZCI6ICI0NWU3NWRiMTc3ZjI0MDk0ODY1YjBhNjQwOGUyN2E0YiIsICJuYW1lIjogImFkbWluIn0sICJjYXRhbG9nIjoge30sICJleHRyYXMiOiB7fSwgInVzZXIiOiB7ImRvbWFpbiI6IHsiaWQiOiAiZGVmYXVsdCIsICJuYW1lIjogIkRlZmF1bHQifSwgImlkIjogIjliN2ViNjQ0YTYzNzQ3YTY4OGY0Y2RhMWNiOGQ0ZjZlIiwgIm5hbWUiOiAiYWRtaW4ifSwgImlzc3VlZF9hdCI6ICIyMDE0LTA3LTI1VDA4OjUzOjQ1LjM2ODM0M1oifX0xggGeMIIBmgIBATB5MHQxCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlTaW5nYXBvcmUxEjAQBgNVBAcMCVNpbmdhcG9yZTEbMBkGA1UECgwSS2liaW4gTGFicyBQdGUgTHRkMSAwHgYDVQQDDBdLZXlzdG9uZSBDQSBDZXJ0aWZpY2F0ZQIBADAHBgUrDgMCGjANBgkqhkiG9w0BAQEFAASCAQCsyjG6jVJHSXpHoYU9Zf0XiVlQHwbQmBbLI85RMWIdjxSX6Qq1pBp+UB3syGxd-J1q6J76XmCvbPSerxhar2vxtkzulljI9ltshOLGlfCaY7r8bIFOAdxD7XvQk8uL77KxfwBU8WzI9x30lsSQ7p2qJZSWyl4-F4nF3jmAaQzN6d3NWMGL8gY+Oeia048Xg+7SeuEJqvy0enGRaLjR+IBsh-SZLr1Dv9bn0hZ3S36oJ8vtf9+KRx7ogjbUULHQ1jVIL3wUuOYnYntpDHw7s650gFUqUW1YZJDeCthIkPUR6x3L5FECJvkCW9baVmicNNi4Hi8MK8PwWHXyjx1176WE', 'content-type': 'application/json', 'content-length': '524', 'vary': 'X-Auth-Token', 'date': 'Fri, 25 Jul 2014 08:53:45 GMT'}
RESP BODY: {"token": {"methods": ["token"], "roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}, {"id": "dba5990b961b40a7b6509469a802cda5", "name": "admin"}], "expires_at": "2014-07-25T09:53:44.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "45e75db177f24094865b0a6408e27a4b", "name": "admin"}, "catalog": {}, "extras": {}, "user": {"domain": {"id": "default", "name": "Default"}, "id": "9b7eb644a63747a688f4cda1cb8d4f6e", "name": "admin"}, "issued_at": "2014-07-25T08:53:45.368343Z"}}
 _send_request /usr/lib/python2.6/site-packages/keystoneclient/session.py:297

[You can see there's no catalog]

Expected results:
No error message.

Additional info:
A fixed has already be developed:
https://review.openstack.org/#/c/70630/
Patch was merged in master branch, but works perfectly well in icehouse branch.

Please find attached a patch to the latest openstack-keystone source rpm:
diffstat v3_catalogs.patch 
 0004-catalog-driver-generates-v3-catalog-from-v2-catalog.patch |  178 ++++++++++
 openstack-keystone.spec                                        |    8 
 2 files changed, 185 insertions(+), 1 deletion(-)

I've tested it and it fixes the issue with heat and empty catalogs.

Hope this helps.

Regards,
Fabrice.

Comment 1 Alan Pevec 2015-03-19 22:59:37 UTC

Backported to stable/icehouse and released in 2014.1.3

Comment 2 Alan Pevec 2015-03-19 23:32:52 UTC

Keystone 2014.1.4 update is https://review.gerrithub.io/221759

Comment 3 Mike Abrams 2015-11-17 06:05:17 UTC

can you elaborate on:
2. Updates your endpoints in /etc/keystone/catalog.templates

...also, what heat stack create command should i use to reproduce?

Comment 4 Alan Pevec 2015-11-25 17:54:31 UTC

RDO Icehouse is EOL but upstream fix https://review.openstack.org/#/q/I1646c7dcab90f2e0e9e370f48f7ee3643bd2fe3d,n,z has been merged and is available in the latest update.

But I'm not sure if templated catalog is recommended at all, Nathan?

Re. comment 3 - look at that file, it should be self-explaining.
Default is all localhost URLs, which need to be adjusted unless you have AIO setup.

Comment 5 Nathan Kinder 2016-01-20 01:26:18 UTC

(In reply to Alan Pevec from comment #4)
> But I'm not sure if templated catalog is recommended at all, Nathan?

The SQL backend is preferred, as it will let you manage the catalog endpoints via the API.

Note You need to log in before you can comment on or make changes to this bug.