Description of problem: The Heat cfn api is configured to use an auth_url pointing at localhost, which does not work because Keystone does not listen on localhost.
Version-Release number of selected component (if applicable):
How reproducible: Probably always
Steps to Reproduce:
1. Deploy using OSP director
2. Create Heat stack that boots an instance which needs os-collect-config to retrieve metadata from the CFN api.
Actual results: 500 internal server error from CFN api.
Expected results: Metadata successfully retrieved.
Additional info: Value from heat.conf:
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens
Snippet from the Heat CFN API log:
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Processing request: GET /v1/ Accept: */* process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:50
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:65
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2015-07-02 16:21:06.078 2191 INFO heat.api.aws.ec2token [-] Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens
2015-07-02 16:21:06.080 2191 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
ConnectionError: ('Connection aborted.', error(111, 'ECONNREFUSED'))
2015-07-02 16:21:06.081 2191 INFO eventlet.wsgi.server [-] 18.104.22.168 - - [02/Jul/2015 16:21:06] "GET /v1/?SignatureVersion=2&AWSAccessKeyId=9ae68f89f7fa46ba91469f92dc02a07a&StackName=baremetal-openstack_bmc_servers-hm6cljyxiyt2-0-npcvubg54y5i&SignatureMethod=HmacSHA256&Signature=pBEc%2BDmPdp%2B7zG1c0%2B%2F4sRQyHdAWu8i5dT3usV77CG0%3D&Action=DescribeStackResource&LogicalResourceId=OpenStackBMCServer HTTP/1.1" 500 2897 0.004833
Note the "Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens"
Can be worked around by manually changing the address in heat.conf and restarting openstack-heat-api-cfn.
parameter is set correctly now. tested on openstack-tripleo-heat-templates-0.8.6-45
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.