Bug 1420856 - If the first OSP tenant returned to cloudforms is disabled , Cloudforms will fail to authenticate against openstack
Summary: If the first OSP tenant returned to cloudforms is disabled , Cloudforms will ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.7.0
Hardware: All
OS: All
medium
medium
Target Milestone: GA
: cfme-future
Assignee: Marek Aufart
QA Contact: Omri Hochman
URL:
Whiteboard: openstack
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-09 16:08 UTC by Felix Dewaleyne
Modified: 2020-12-14 08:09 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-13 18:38:15 UTC
Category: ---
Cloudforms Team: Openstack
Target Upstream Version:
okolisny: needinfo+


Attachments (Terms of Use)
patch for controllers.py suggested by customer (613 bytes, text/plain)
2017-02-09 16:08 UTC, Felix Dewaleyne
no flags Details

Description Felix Dewaleyne 2017-02-09 16:08:31 UTC
Created attachment 1248858 [details]
patch for controllers.py suggested by customer

Description of problem:
If the first provider returned to cloudforms is disabled , Cloudforms will fail to authenticate against openstack

Version-Release number of selected component (if applicable):
cfme-5.7.0.17-1

How reproducible:
all the time

Steps to Reproduce:
1.disable the first tenant returned to Cloudforms by openstack
2.
3.

Actual results:
     

Click to Open Sidebar 
	Content Starts Here
Case
Case
01787535
 
Customize Page | Printable View | Help for this Page
Stop following this case to stop receiving updates in your feed.FollowingStop following this case to stop receiving updates in your feed.
Case History1+ | Negotiated Entitlement Processes0 | Bugzilla Tickets0 | Case Comments13 | Case Summary0 | Linked Resources1 | Action Plan0
Case Detail
	
Case Owner	Felix DewaleyneFelix Dewaleyne [Change]	Product	Red Hat CloudForms
Case Number	01787535 [View Hierarchy]	Version	4.2
Status	Waiting on Red Hat	Severity	3 (Normal)
Internal Status	Waiting on Owner	Priority Score	552
SBR Group	CFME	Case Origin	Web
Needs New Owner	 	Type	Other
Created By	Beal, James (2017-02-07 14:29:24Z)	Case Language	en
Last Update By	Felix Dewaleyne (2017-02-09 10:42:44Z)	Parent Case	 
Hours in current status	5.29	Push to Partner	 
Last Closed At	 	External Handling System	 
In Customer Business Hours 	Checked 	Case Automation Enabled 	Checked
Hide Section - Entitlement InformationEntitlement Information
SBT	1,432	Entitlement Name	Premium: Red Hat Satellite (Academic Edition)
TargetDate	10/02/2017 15:52	Initial Service Level	PREMIUM
 	 	SBT State	Not Breached
Hide Section - Account InformationAccount Information
Account Name	Wellcome Trust Sanger Institute	Contact Name	James Beal
Account Number	5591858	Case Group	 
Business Hours	Europe/Paris	Alternate Case Id	 
24x7	Not Checked	24x7 Handover Ready	Not Checked
24x7 Contact Info	 	 	 
Customer Engagement Scorecard	Customer Engagement Scorecard	 	 
Hide Section - Description InformationDescription Information
Problem Statement	cloudforms can no longer log in to openstack provider.
Description	

The userinterface on the provider declares that the credentials are now invalid.

I have tried to reenter them and it still continues to say this.

I will upload logs from the coudforms systems and the openstack contollers

Hide Section - TagsTags
 	
Negotiated Entitlement Processes
	
 
No records to display
Case History
	 	 
Date	User	Connection	Action
09/02/2017 10:42	Felix Dewaleyne	 	Changed Internal Status from Waiting on Customer to Waiting on Owner.
 	 	 	Changed Status from Waiting on Customer to Waiting on Red Hat.
09/02/2017 10:41	Felix Dewaleyne	 	Changed Internal Status from Waiting on Owner to Waiting on Customer.
 	 	 	Changed Status from Waiting on Red Hat to Waiting on Customer.
08/02/2017 13:37	Strata EAP6 2	 	Changed Internal Status from Waiting on Customer to Waiting on Owner.
Show more » | Go to list »
Actions
	 
          

Candidate for Red Hat InsightsGenerate Session KeySBT Report 

 
Customer Contacts
	
Action
	
Contact Name
Edit | Del	Jonathan Nicholson
Red Hat Associates
	
Action
	
User
	
Role
	
Office Status
Edit | Del	Saif Ali 	Contributor	
Bugzilla Tickets
	
No records to display
Linked Resources
	
Action	Resource	Type	Linked By
Unlink Edit Is Exact 	2916781 | Unable to connect Cloudforms to openstack if the first tenant of the openstack environment is disabled 	Solution	rhn-support-fdewaley
Suggested Resources
	 
Action	Resource	Category	Resource	Relevance
Link 	1257133 | How to collect logs for Red Hat CloudForms 3.1, 3.2? 	Text Analysis	Summary	
Link 	1354923 | Backup and Restore Database in CloudForms 3.x/4.x 	Text Analysis	Summary	
Link 	2018763 | How to put CloudForms in debug for Openstack issues 	Text Analysis	Summary	
Link 	1425843 | CloudForms 3.1/3.2 logs not rotating after upgrade 	Text Analysis	Summary	
Link 	650473 | How to collect logs via the command line for a Cloudforms appliance? 	Text Analysis	Summary	
FirstPrevious12NextLast
Search Resources
	 
Case Summary
	
Internal Case Notes - Use 'Action Plan' for information that is appropriate for customers.
	

No case summary to display.

Action Plan
	
Field is public - (i.e. Visible to customers)
	

No action plan to display.

Case Updates
	

#13 (Associate) Make PrivatePrivate Cannot set 'Helps Resolution' 0
Created By: Felix Dewaleyne  (09/02/2017 10:41) Last Modified By: Felix Dewaleyne  (09/02/2017 15:52)

Hi,

Sorry about the previous version of this update - I confused your case with another. This will allow me to open a bugzilla for this issue. 

Kind regards,
Félix

#12 (Customer) Make PrivatePrivate Helps Resolution? 0
Created By: James Beal  (08/02/2017 19:27)

This is a failed login ( with the top tenant disabled ).










[----] I, [2017-02-08T19:26:19.466424 #14155:1225140]  INFO -- : MIQ(MiqScheduleWorker::Runner#do_work) Number of scheduled items to be processed: 0.
[----] I, [2017-02-08T19:26:20.232944 #12608:1225140]  INFO -- : MIQ(MiqServer#populate_queue_messages) Fetched 2 miq_queue rows for queue_name=generic, wcount=6, priority=200
[----] I, [2017-02-08T19:26:24.577542 #12337:185b640]  INFO -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#with_provider_connection) Connecting through ManageIQ::Providers::Openstack::CloudManager: [delta2_overcloud]
[----] E, [2017-02-08T19:26:24.769645 #12337:185b640] ERROR -- : <Fog> excon.error     #<Excon::Error::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}"
  :cookies       => [
  ]
  :headers       => {
    "Content-Length"         => "114"
    "Content-Type"           => "application/json"
    "Date"                   => "Wed, 08 Feb 2017 19:26:25 GMT"
    "Vary"                   => "X-Auth-Token"
    "Www-Authenticate"       => "Keystone uri=\"http://172.27.66.32:5000\""
    "X-Openstack-Request-Id" => "req-f197926e-41f0-4d7b-b4f6-11e73ebaeb9d"
  }
  :host          => "delta.internal.sanger.ac.uk"
  :local_address => "192.168.255.29"
  :local_port    => 33978
  :path          => "/v2.0/tokens"
  :port          => 5001
  :reason_phrase => "Unauthorized"
  :remote_ip     => "172.27.66.32"
  :status        => 401
  :status_line   => "HTTP/1.1 401 Unauthorized\r\n"
>

[----] E, [2017-02-08T19:26:24.769890 #12337:185b640] ERROR -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#verify_api_credentials) Error Class=Excon::Error::Unauthorized, Message=Expected([200, 204]) <=> Actual(401 Unauthorized)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}"
  :cookies       => [
  ]
  :headers       => {
    "Content-Length"         => "114"
    "Content-Type"           => "application/json"
    "Date"                   => "Wed, 08 Feb 2017 19:26:25 GMT"
    "Vary"                   => "X-Auth-Token"
    "Www-Authenticate"       => "Keystone uri=\"http://172.27.66.32:5000\""
    "X-Openstack-Request-Id" => "req-f197926e-41f0-4d7b-b4f6-11e73ebaeb9d"
  }
  :host          => "delta.internal.sanger.ac.uk"
  :local_address => "192.168.255.29"
  :local_port    => 33978
  :path          => "/v2.0/tokens"
  :port          => 5001
  :reason_phrase => "Unauthorized"
  :remote_ip     => "172.27.66.32"
  :status        => 401
  :status_line   => "HTTP/1.1 401 Unauthorized\r\n"

[----] W, [2017-02-08T19:26:24.769952 #12337:185b640]  WARN -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#authentication_check_no_validation) type: ["default"] for [102000000000005] [delta2_overcloud] Validation failed: invalid, Login failed due to a bad username or password.
[----] E, [2017-02-08T19:26:24.770031 #12337:185b640] ERROR -- : MIQ(ems_cloud_controller-update): Credential validation was not successful: Login failed due to a bad username or password.
[----] I, [2017-02-08T19:26:25.233815 #12608:1225140]  INFO -- : MIQ(MiqServer#heartbeat) Heartbeat [2017-02-08 19:26:25 UTC]...
[----] I, [2017-02-08T19:26:25.241076 #12608:1225140]  INFO -- : MIQ(MiqServer#heartbeat) Heartbeat [2017-02-08 19:26:25 UTC]...Complete

Expected results:
authentication does not fail becaause the tenant is disabled

Additional info:
 re-enabling the openstack tenant resolves the authentication error

Comment 4 Dave Johnson 2017-07-14 03:52:02 UTC
Please assess the importance of this issue and update the priority accordingly.  Somewhere it was missed in the bug triage process.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#priority for a reminder on each priority's definition.

If it's something like a tracker bug where it doesn't matter, please set it to Low/Low.

Comment 7 Oleksandr Kolisnyk 2017-08-30 16:27:24 UTC
Added 5 disabled tenants. Refresh is fast and successful.
Verified in 5.8.2.0 and RHOS 11.

Comment 8 Tzu-Mainn Chen 2017-08-30 16:31:35 UTC
Felix, it looks like this is fixed in the current release - is it okay to close this BZ?

Comment 9 Felix Dewaleyne 2017-09-13 10:18:22 UTC
(In reply to Tzu-Mainn Chen from comment #8)
> Felix, it looks like this is fixed in the current release - is it okay to
> close this BZ?

5.8.2.0 isn't out right now - this was not tested against 5.8.1.5 but 5.8.2.0.

Comment 10 Marek Aufart 2017-10-31 15:51:19 UTC
Sorry for repeating, this should have been resolved in the current release - is it okay to close this BZ? Thanks!


Note You need to log in before you can comment on or make changes to this bug.