Bug 1238862 – Heat cfn api not working properly

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1238862 - Heat cfn api not working properly

Summary:	Heat cfn api not working properly

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	rhosp-director (Show other bugs)
Sub Component:
Version:	Director
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	ga
Target Release:	Director
Assigned To:	Ben Nemec
QA Contact:	Amit Ugol
Docs Contact:

URL:
Whiteboard:
Keywords:	Triaged

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2015-07-02 16:24 EDT by Ben Nemec
Modified:	2015-08-05 09:58 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	openstack-tripleo-heat-templates-0.8.6-30.el7ost
Doc Type:	Bug Fix
Doc Text:	Deployed Overclouds configured the Heat CloudFormation API to use an auth_url pointing at localhost. However, Keystone does not listen on localhost. This caused an unusable Heat CloudFormation API. This fix changes the auth_url option in /etc/heat/heat.conf to the IP address where Keystone is listening on the Internal API network. The Heat CloudFormation API now functions correctly.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-08-05 09:58:22 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	198805	None	None	None	Never
Red Hat Product Errata	RHEA-2015:1549	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform director Release	2015-08-05 13:49:10 EDT

Groups: None (edit)

Description Ben Nemec 2015-07-02 16:24:22 EDT

Description of problem: The Heat cfn api is configured to use an auth_url pointing at localhost, which does not work because Keystone does not listen on localhost.


Version-Release number of selected component (if applicable): 


How reproducible: Probably always


Steps to Reproduce:
1. Deploy using OSP director
2. Create Heat stack that boots an instance which needs os-collect-config to retrieve metadata from the CFN api.
3.

Actual results: 500 internal server error from CFN api.


Expected results: Metadata successfully retrieved.


Additional info: Value from heat.conf:

[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens


Snippet from the Heat CFN API log:
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Processing request: GET /v1/ Accept: */* process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:50
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:65
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2015-07-02 16:21:06.078 2191 INFO heat.api.aws.ec2token [-] Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens
2015-07-02 16:21:06.080 2191 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
  [snipped traceback]
ConnectionError: ('Connection aborted.', error(111, 'ECONNREFUSED'))
2015-07-02 16:21:06.081 2191 INFO eventlet.wsgi.server [-] 9.1.1.21 - - [02/Jul/2015 16:21:06] "GET /v1/?SignatureVersion=2&AWSAccessKeyId=9ae68f89f7fa46ba91469f92dc02a07a&StackName=baremetal-openstack_bmc_servers-hm6cljyxiyt2-0-npcvubg54y5i&SignatureMethod=HmacSHA256&Signature=pBEc%2BDmPdp%2B7zG1c0%2B%2F4sRQyHdAWu8i5dT3usV77CG0%3D&Action=DescribeStackResource&LogicalResourceId=OpenStackBMCServer HTTP/1.1" 500 2897 0.004833

Note the "Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens"

Can be worked around by manually changing the address in heat.conf and restarting openstack-heat-api-cfn.

Comment 4 Amit Ugol 2015-08-02 13:02:55 EDT

parameter is set correctly now. tested on openstack-tripleo-heat-templates-0.8.6-45

Comment 6 errata-xmlrpc 2015-08-05 09:58:22 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549

Note You need to log in before you can comment on or make changes to this bug.