Description of problem: ----------------------- The keystone methods to get a client with a trust is broken, and simply use service credentials while ignoring the trust. We can't load the options directly from the configuration, we need to build a auth plugin manually. Version-Release number of selected component (if applicable): ------------------------------------------------------------- openstack-aodh-evaluator-2.0.3-2.el7ost.noarch python-aodh-2.0.3-2.el7ost.noarch openstack-aodh-notifier-2.0.3-2.el7ost.noarch openstack-aodh-common-2.0.3-2.el7ost.noarch openstack-aodh-api-2.0.3-2.el7ost.noarch openstack-aodh-listener-2.0.3-2.el7ost.noarch python-aodhclient-0.5.0-1.el7ost.noarch
*** Bug 1363888 has been marked as a duplicate of this bug. ***
State of this: * We backport the workaround about keystoneauth ignoring the trust_id https://review.openstack.org/#/c/351029/ * We make this backport working when auth-type = password-aodh-legacy https://review.openstack.org/#/c/351068/ * We test it upstream in our gate integration job: https://review.openstack.org/#/c/351221/ (It works but auth-type = password) Now that still won't work with aodh configured by OSPd, so something else occurs or the fix https://review.openstack.org/#/c/351068/ don't work as expected.
If the fixes are good enough, updating the package to Aodh 2.0.4 (which has the backports Mehdi did) should be enough. The upstream release is being pushed at https://review.openstack.org/354712 Once that's done, the package can be updated.
We need to wait next 2.0.5 upstream release once https://review.openstack.org/#/c/365640/ have been merged.
*** Bug 1367138 has been marked as a duplicate of this bug. ***
2.0.5 will be released upstream soon, with the fix https://review.openstack.org/#/c/368068/
Verified with packages: ----------------------- openstack-aodh-api-2.0.5-1.el7ost.noarch openstack-aodh-evaluator-2.0.5-1.el7ost.noarch openstack-aodh-common-2.0.5-1.el7ost.noarch openstack-aodh-listener-2.0.5-1.el7ost.noarch python-aodh-2.0.5-1.el7ost.noarch openstack-aodh-notifier-2.0.5-1.el7ost.noarch Alarm actions : --------------- 'trust+http://a743e2562d8f4e9aa368b8cf1c418c01:delete@192.0.2.15:8004/v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaledown_policy/signal' 'trust+http://ae8e6d2e1d7b4fddb6e28aafbc6af713:delete@192.0.2.15:8004/v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaleup_policy/signal' Excerpt from heat-api.log: -------------------------- 2016-09-15 14:54:06.905 4658 INFO eventlet.wsgi.server [req-9db24e1a-a5da-4bec-90e2-9994b3732c3b - admin - default default] 192.0.2.19 - - [15/Sep/2016 14:54:06] "POST /v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaleup_policy/signal HTTP/1.1" 200 192 0.654613 ... 2016-09-15 15:22:08.930 9816 INFO eventlet.wsgi.server [req-da17452d-015d-4d0a-b63a-e765c033d8b1 - admin - default default] 192.0.2.19 - - [15/Sep/2016 15:22:08] "POST /v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaledown_policy/signal HTTP/1.1" 200 192 0.562805
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-1915.html