Bug 1303723 - Service heat does not have required endpoint in service catalog for the resource type OS::Heat::StructuredDeployment
Summary: Service heat does not have required endpoint in service catalog for the resou...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-heat
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ga
: 8.0 (Liberty)
Assignee: Rabi Mishra
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-01 18:34 UTC by Jiri Stransky
Modified: 2016-04-27 05:22 UTC (History)
10 users (show)

Fixed In Version: openstack-heat-5.0.1-2.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, heat would leave the context roles empty when loading the stored context. When signaling heat used the stored context (trust scoped token), and if the context did not have any roles, it failed. Consequently, the process failed with the error 'trustee has no delegated roles'. This fix addresses this issue by populating roles when loading the stored context. As a result, loading the auth ref, and populating the roles from the token will confirm that any RBAC performed on the context roles will work as expected, and that the stack update succeeds.
Clone Of:
Environment:
Last Closed: 2016-04-07 21:27:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
os-collect-config (380.98 KB, text/x-vhdl)
2016-02-01 18:34 UTC, Jiri Stransky 		no flags Details
heat-engine log snippet (10.36 KB, text/plain)
2016-02-01 18:36 UTC, Jiri Stransky 		no flags Details
heat-api-cfn 10k lines (2.65 MB, text/plain)
2016-02-01 18:43 UTC, Jiri Stransky 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:0603 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 8 Enhancement Advisory 2016-04-08 00:53:53 UTC

Description Jiri Stransky 2016-02-01 18:34:57 UTC 
Created attachment 1120227 [details]
os-collect-config

Description of problem:

Hit when trying to upgrade from OSP 7 to OSP 8.

Os-collect-config is trying to report back to heat using the CFN API, but gets a 500 error response:

ResourceTypeUnavailable: Service heat does not have required endpoint in service catalog for the resource type OS::Heat::StructuredDeployment

Attaching relevant logs.


Heat version used:

[stack@instack ~]$ rpm -q openstack-heat-api openstack-heat-engine openstack-heat-common
openstack-heat-api-5.0.1-1.el7ost.noarch
openstack-heat-engine-5.0.1-1.el7ost.noarch
openstack-heat-common-5.0.1-1.el7ost.noarch
Comment 2 Jiri Stransky 2016-02-01 18:36:23 UTC 
Created attachment 1120228 [details]
heat-engine log snippet
Comment 3 Jiri Stransky 2016-02-01 18:43:24 UTC 
Created attachment 1120231 [details]
heat-api-cfn 10k lines
Comment 4 Jiri Stransky 2016-02-01 18:47:41 UTC 
Interesting is the error from the attached heat-engine log snippet:

2016-02-01 10:53:24.233 11434 ERROR heat.engine.resource Forbidden: Trustee has no delegated roles. (Disable debug mode to suppress these details.) (HTTP 403) (Request-ID: req-2223404b-43da-467d-8482-b3ec73bb18f8)

Is that something that could be fixed by some additional configuration of the undercloud? If so, please try to give some hints and retarget to instack-undercloud.
Comment 9 Amit Ugol 2016-04-07 17:10:11 UTC 
Following the internal mail thread, upgrades are working better now => this is verified.
Comment 10 errata-xmlrpc 2016-04-07 21:27:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html
Note You need to log in before you can comment on or make changes to this bug.