Description of problem: When I was verifying bug 1244331, I created a tenant with its own user and then also added the admin user, that is used to manage it from CFME, as a member. Then the inventory refresh ends with an error. When the admin is set also as admin of that tenant, the problem is gone. I believe it should either be documented that the managing user must be an admin in tenants that it is member of (I did not see that in documentation PDF of the appliance), or the CFME should know about this and write a meaningful message in the error field of provider summary. Version-Release number of selected component (if applicable): 5.4.1.0 / RHOS puddle for TripleO from last week. Also RHOS 6 GA. How reproducible: always Steps to Reproduce: 1. Besides of your original stuff in RHOS, create a tenant. 2. Assign also admin user of RHOS to the tenant as a member (that is by default when doing it via RHOS UI) 3. Try adding it in CFME and wait for inventory refresh Actual results: undefined method `directories' for nil:NilClass If you then also add admin role for the admin user for that tenant, it will start working again. Expected results: Either no error or a warning that the admin user must have an admin role in that tenant. Additional info:
Milan, can you attach the evm.log or point to the appliance where this can be reproduced? Thanks!
From long term, it should be solved by this https://github.com/ManageIQ/manageiq/pull/3278 this line https://github.com/Ladas/manageiq/blob/openstack_handle_pagination_and_multitenancy_in_a_generic_way/gems/pending/openstack/openstack_handle/handled_list.rb#L20 I might do also small backportable fix if needed
I checked it and https://github.com/ManageIQ/manageiq/pull/3278 is fixing this issue @Greg is that enough, or you want also small backportable fix?
@ladas, sorry I missed this needinfo on me. Yeah, I think we'll need a backportable fix for this. I'll look at targeting a fix for this upstream and backporting it to 5.4.z. You'll have to rebase your larger pagination fix on that.
https://github.com/ManageIQ/manageiq/pull/4088
https://github.com/ManageIQ/manageiq/pull/4088 from comment #8 happens to be the smaller, more backportable, fix. And, the one I'm targeting for 5.4.z with bug #1257734.
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/5d1e28d8937ed540d029541030fd065a0ed49a17 commit 5d1e28d8937ed540d029541030fd065a0ed49a17 Author: Greg Blomquist <gblomqui> AuthorDate: Thu Aug 27 15:55:53 2015 -0400 Commit: Greg Blomquist <gblomqui> CommitDate: Thu Aug 27 16:32:37 2015 -0400 [OpenStack] Handle missing services better Administrators can configure OpenStack tenants and users in such a way that restricts access to certain services on certain tenants. The `OpenstackHandle#detect_service` method handled this by returning `nil` when it could not connect to the appropriate service. However, several callers were not handling the `nil` response properly. Now, at least callers to `OpenstackHandle#service_for_each_accessible_tenant` will only have their block called when the requested service is actually available for the tenant. Otherwise, a warning will be logged, and that iteration of the `service_for_each_accessible_tenant` will be skipped. https://bugzilla.redhat.com/show_bug.cgi?id=1245511 gems/pending/openstack/openstack_handle/handle.rb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
https://github.com/ManageIQ/manageiq/pull/4128
https://github.com/ManageIQ/manageiq/pull/3978
https://github.com/ManageIQ/manageiq/pull/4262
New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=da6ae33b472e49d006ac89d83bbb6da97b1c1a8d commit da6ae33b472e49d006ac89d83bbb6da97b1c1a8d Merge: 34e1cc4 0086b8c Author: Gregg Tanzillo <gtanzill> AuthorDate: Mon Sep 28 15:04:36 2015 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Mon Sep 28 15:04:36 2015 -0400 Merge branch 'bz1257734-handle-missing-services-better' into '5.4.z' Handle missing services better Administrators can configure OpenStack tenants and users in such a way that restricts access to certain services on certain tenants. The `OpenstackHandle#detect_service` method handled this by returning `nil` when it could not connect to the appropriate service. However, several callers were not handling the `nil` response properly. Now, at least callers to `OpenstackHandle#service_for_each_accessible_tenant` will only have their block called when the requested service is actually available for the tenant. Otherwise, a warning will be logged, and that iteration of the `service_for_each_accessible_tenant` will be skipped. Upstream PR: https://github.com/ManageIQ/manageiq/pull/4088 Clean merge with: git am --directory=lib -p3 0001-OpenStack-Handle-missing-services-better.patch https://bugzilla.redhat.com/show_bug.cgi?id=1245511 https://bugzilla.redhat.com/show_bug.cgi?id=1257734 See merge request !268 lib/openstack/openstack_handle/handle.rb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=0086b8c10c0276642adb48e596ad61452d3e764b commit 0086b8c10c0276642adb48e596ad61452d3e764b Author: Greg Blomquist <gblomqui> AuthorDate: Thu Aug 27 15:55:53 2015 -0400 Commit: Greg Blomquist <gblomqui> CommitDate: Mon Sep 28 09:56:43 2015 -0400 Handle missing services better Administrators can configure OpenStack tenants and users in such a way that restricts access to certain services on certain tenants. The `OpenstackHandle#detect_service` method handled this by returning `nil` when it could not connect to the appropriate service. However, several callers were not handling the `nil` response properly. Now, at least callers to `OpenstackHandle#service_for_each_accessible_tenant` will only have their block called when the requested service is actually available for the tenant. Otherwise, a warning will be logged, and that iteration of the `service_for_each_accessible_tenant` will be skipped. https://bugzilla.redhat.com/show_bug.cgi?id=1245511 https://bugzilla.redhat.com/show_bug.cgi?id=1257734 lib/openstack/openstack_handle/handle.rb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
Verified in 5.5.0.3. When admin users is member of tenant, but just a member, the refresh works fine. Verified against 5.4.1.0/RHOS6, where that error appeared.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551