Bug 1166295 - Permission issue refreshing OSP 5
Summary: Permission issue refreshing OSP 5
Keywords:
Status: CLOSED DUPLICATE of bug 1165305
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: GA
: 5.4.0
Assignee: Josh Carter
QA Contact: Dave Johnson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-20 18:15 UTC by Bill Helgeson
Modified: 2015-03-16 22:16 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-08 15:07:38 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Bill Helgeson 2014-11-20 18:15:45 UTC 
Description of problem: We have a fresh install it seems that validate workes fine as admin user however refresh is using a different tenant id than admin.

 
               I am receiving the below error when connecting cloudforms to osp. I am using the admin username and password. The credentials validate successfully using the cloudforms validate button. debug emails copied below.
 
 
This log is from a ui after the inventory was invoked.
 
[----] E, [2014-11-20T16:27:18.883089 #1935:1246804] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
  response => #<Excon::Response:0x0000000ae2d8f8 @data={:body=>"{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}", :headers=>{"Www-Authenticate"=>"Keystone uri=\"http://10.21.148.90:5000\"", "Vary"=>"X-Auth-Token", "Content-Type"=>"application/json", "Content-Length"=>"114", "Date"=>"Thu, 20 Nov 2014 16:27:15 GMT"}, :status=>401, :remote_ip=>"10.21.148.90"}, @body="{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}", @headers={"Www-Authenticate"=>"Keystone uri=\"http://10.21.148.90:5000\"", "Vary"=>"X-Auth-Token", "Content-Type"=>"application/json", "Content-Length"=>"114", "Date"=>"Thu, 20 Nov 2014 16:27:15 GMT"}, @status=401, @remote_ip="10.21.148.90">>
 
 
This log is from a worker after the inventory was invoked.
[----] E, [2014-11-20T11:26:16.698546 #30603:b6308c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T11:26:29.063776 #30603:b6308c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T11:26:38.414619 #30603:b6308c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000015949], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T11:26:38.414731 #30603:b6308c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T11:26:38.414781 #30603:b6308c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T13:26:37.740267 #3015:3a6088] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T13:26:50.040027 #3015:3a6088] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T13:26:59.484912 #3015:3a6088] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000018044], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T13:26:59.485052 #3015:3a6088] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T13:26:59.485104 #3015:3a6088] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T15:26:55.649482 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:27:06.946184 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:27:14.187247 #7898:4ef87c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000020161], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T15:27:14.187396 #7898:4ef87c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T15:27:14.187447 #7898:4ef87c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
[----] E, [2014-11-20T15:34:56.032232 #7898:4ef87c] ERROR -- : <Fog> excon.error     #<Excon::Errors::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
[----] E, [2014-11-20T15:34:59.209804 #7898:4ef87c] ERROR -- : MIQ(MiqQueue.deliver)    Message id: [70000000020306], Error: [undefined method `[]' for nil:NilClass]
[----] E, [2014-11-20T15:34:59.209913 #7898:4ef87c] ERROR -- : [NoMethodError]: undefined method `[]' for nil:NilClass  Method:[rescue in deliver]
[----] E, [2014-11-20T15:34:59.209961 #7898:4ef87c] ERROR -- : /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb:426:in `block in parse_volume'
 

I see the following:
 
2014-11-20 16:32:48.991 30483 WARNING keystone.token.controllers [-] User b69398f579d64121b057c36764b3d315 is unauthorized for
tenant ed3e66082fcf433ba9d644dbc9f97f3e
2014-11-20 16:32:48.992 30483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authen
tication. from 172.17.10.23
 
I will decode and get back to you.

The user you are using below is admin but the tenant you’re trying to validate against is the service tenant, you should be using the uuid for admin tenant.
 
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| e07cc4ae77dc4ac48ffffbbede98dbe7 |  admin   |   True  |
| ed3e66082fcf433ba9d644dbc9f97f3e | services |   True  |
+----------------------------------+----------+---------+
 
 
2014-11-20 16:32:48.991 30483 WARNING keystone.token.controllers [-] User b69398f579d64121b057c36764b3d315 is unauthorized for
tenant ed3e66082fcf433ba9d644dbc9f97f3e
2014-11-20 16:32:48.992 30483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authen
tication. from 172.17.10.23


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Josh Carter 2014-11-20 21:06:34 UTC 
Hi, 

Looks like a openstack volume error. 


Replace the following section in /var/www/miq/vmdb/app/models/ems_refresh/parsers/openstack.rb

   def parse_volume(volume)
      if (attachment = volume.attachments.first)
        server_id = attachment["server_id"]
        vm = @data_index.fetch_path(:vms, server_id)
      end
      uid = volume.id
      new_result = {
        :ems_ref           => uid,
        :name              => volume.display_name,
        :status            => volume.status,
        :bootable          => volume.attributes['bootable'],
        :creation_time     => volume.created_at,
        :description       => volume.display_description,
        :volume_type       => volume.volume_type,
        :snapshot_uid      => volume.snapshot_id,
        :size              => volume.size.to_i.gigabytes,
        :tenant            => @data_index.fetch_path(:cloud_tenants, volume.attributes['os-vol-tenant-attr:tenant_id']),
        :availability_zone => @data_index.fetch_path(:availability_zones, volume.availability_zone || "null_az"),
      }

      volume.attachments.each do |a|
        dev = File.basename(a['device'])
        vm = @data_index.fetch_path(:vms, a['server_id'])
        disks = vm[:hardware][:disks]

        if (disk = disks.detect { |d| d[:location] == dev })
          disk[:size] = new_result[:size]
        else
          disk = add_instance_disk(disks, new_result[:size], dev, "OpenStack Volume")
        end

        if disk
          disk[:backing]      = new_result
          disk[:backing_type] = 'CloudVolume'
        end
      end

      return uid, new_result
    end

with https://github.com/ManageIQ/manageiq/blob/master/vmdb/app/models/ems_refresh/parsers/openstack.rb#L394-L435


Add the following line. 

https://github.com/ManageIQ/manageiq/blob/master/vmdb/app/models/ems_refresh/parsers/openstack.rb#L395


restart the evmserverd and then issue a refresh relationship and power states on the openstack env.
Comment 4 Josh Carter 2014-12-08 15:07:38 UTC 

*** This bug has been marked as a duplicate of bug 1165305 ***
Note You need to log in before you can comment on or make changes to this bug.