Bug 1238862 - Heat cfn api not working properly
Summary: Heat cfn api not working properly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: Director
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ga
: Director
Assignee: Ben Nemec
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-07-02 20:24 UTC by Ben Nemec
Modified: 2015-08-05 13:58 UTC (History)
7 users (show)

Fixed In Version: openstack-tripleo-heat-templates-0.8.6-30.el7ost
Doc Type: Bug Fix
Doc Text:
Deployed Overclouds configured the Heat CloudFormation API to use an auth_url pointing at localhost. However, Keystone does not listen on localhost. This caused an unusable Heat CloudFormation API. This fix changes the auth_url option in /etc/heat/heat.conf to the IP address where Keystone is listening on the Internal API network. The Heat CloudFormation API now functions correctly.
Clone Of:
Environment:
Last Closed: 2015-08-05 13:58:22 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenStack gerrit 198805 None None None Never
Red Hat Product Errata RHEA-2015:1549 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform director Release 2015-08-05 17:49:10 UTC

Description Ben Nemec 2015-07-02 20:24:22 UTC
Description of problem: The Heat cfn api is configured to use an auth_url pointing at localhost, which does not work because Keystone does not listen on localhost.


Version-Release number of selected component (if applicable): 


How reproducible: Probably always


Steps to Reproduce:
1. Deploy using OSP director
2. Create Heat stack that boots an instance which needs os-collect-config to retrieve metadata from the CFN api.
3.

Actual results: 500 internal server error from CFN api.


Expected results: Metadata successfully retrieved.


Additional info: Value from heat.conf:

[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens


Snippet from the Heat CFN API log:
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Processing request: GET /v1/ Accept: */* process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:50
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:65
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2015-07-02 16:21:06.078 2191 INFO heat.api.aws.ec2token [-] Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens
2015-07-02 16:21:06.080 2191 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
  [snipped traceback]
ConnectionError: ('Connection aborted.', error(111, 'ECONNREFUSED'))
2015-07-02 16:21:06.081 2191 INFO eventlet.wsgi.server [-] 9.1.1.21 - - [02/Jul/2015 16:21:06] "GET /v1/?SignatureVersion=2&AWSAccessKeyId=9ae68f89f7fa46ba91469f92dc02a07a&StackName=baremetal-openstack_bmc_servers-hm6cljyxiyt2-0-npcvubg54y5i&SignatureMethod=HmacSHA256&Signature=pBEc%2BDmPdp%2B7zG1c0%2B%2F4sRQyHdAWu8i5dT3usV77CG0%3D&Action=DescribeStackResource&LogicalResourceId=OpenStackBMCServer HTTP/1.1" 500 2897 0.004833

Note the "Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens"

Can be worked around by manually changing the address in heat.conf and restarting openstack-heat-api-cfn.

Comment 4 Amit Ugol 2015-08-02 17:02:55 UTC
parameter is set correctly now. tested on openstack-tripleo-heat-templates-0.8.6-45

Comment 6 errata-xmlrpc 2015-08-05 13:58:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549


Note You need to log in before you can comment on or make changes to this bug.