1238862 – Heat cfn api not working properly

Bug 1238862 - Heat cfn api not working properly

Summary: Heat cfn api not working properly

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	rhosp-director
Sub Component:
Version:	Director
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ga
Target Release:	Director
Assignee:	Ben Nemec
QA Contact:	Amit Ugol
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-07-02 20:24 UTC by Ben Nemec
Modified:	2023-02-22 23:02 UTC (History)
CC List:	6 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-0.8.6-30.el7ost
Doc Type:	Bug Fix
Doc Text:	Deployed Overclouds configured the Heat CloudFormation API to use an auth_url pointing at localhost. However, Keystone does not listen on localhost. This caused an unusable Heat CloudFormation API. This fix changes the auth_url option in /etc/heat/heat.conf to the IP address where Keystone is listening on the Internal API network. The Heat CloudFormation API now functions correctly.
Clone Of:
Environment:
Last Closed:	2015-08-05 13:58:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	198805	0	None	MERGED	Configure Heat's ec2 auth uri correctly	2020-03-17 12:21:30 UTC
Red Hat Product Errata	RHEA-2015:1549	0	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform director Release	2015-08-05 17:49:10 UTC

Description Ben Nemec 2015-07-02 20:24:22 UTC

Description of problem: The Heat cfn api is configured to use an auth_url pointing at localhost, which does not work because Keystone does not listen on localhost.


Version-Release number of selected component (if applicable): 


How reproducible: Probably always


Steps to Reproduce:
1. Deploy using OSP director
2. Create Heat stack that boots an instance which needs os-collect-config to retrieve metadata from the CFN api.
3.

Actual results: 500 internal server error from CFN api.


Expected results: Metadata successfully retrieved.


Additional info: Value from heat.conf:

[ec2authtoken]
auth_uri = http://127.0.0.1:5000/v2.0/ec2tokens


Snippet from the Heat CFN API log:
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Processing request: GET /v1/ Accept: */* process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:50
2015-07-02 16:21:06.076 2191 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 process_request /usr/lib/python2.7/site-packages/heat/api/middleware/version_negotiation.py:65
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2015-07-02 16:21:06.077 2191 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2015-07-02 16:21:06.078 2191 INFO heat.api.aws.ec2token [-] Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens
2015-07-02 16:21:06.080 2191 INFO eventlet.wsgi.server [-] Traceback (most recent call last):
  [snipped traceback]
ConnectionError: ('Connection aborted.', error(111, 'ECONNREFUSED'))
2015-07-02 16:21:06.081 2191 INFO eventlet.wsgi.server [-] 9.1.1.21 - - [02/Jul/2015 16:21:06] "GET /v1/?SignatureVersion=2&AWSAccessKeyId=9ae68f89f7fa46ba91469f92dc02a07a&StackName=baremetal-openstack_bmc_servers-hm6cljyxiyt2-0-npcvubg54y5i&SignatureMethod=HmacSHA256&Signature=pBEc%2BDmPdp%2B7zG1c0%2B%2F4sRQyHdAWu8i5dT3usV77CG0%3D&Action=DescribeStackResource&LogicalResourceId=OpenStackBMCServer HTTP/1.1" 500 2897 0.004833

Note the "Authenticating with http://127.0.0.1:5000/v2.0/ec2tokens"

Can be worked around by manually changing the address in heat.conf and restarting openstack-heat-api-cfn.

Comment 4 Amit Ugol 2015-08-02 17:02:55 UTC

parameter is set correctly now. tested on openstack-tripleo-heat-templates-0.8.6-45

Comment 6 errata-xmlrpc 2015-08-05 13:58:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549

Note You need to log in before you can comment on or make changes to this bug.