Created attachment 1248858 [details] patch for controllers.py suggested by customer Description of problem: If the first provider returned to cloudforms is disabled , Cloudforms will fail to authenticate against openstack Version-Release number of selected component (if applicable): cfme-5.7.0.17-1 How reproducible: all the time Steps to Reproduce: 1.disable the first tenant returned to Cloudforms by openstack 2. 3. Actual results: Click to Open Sidebar Content Starts Here Case Case 01787535 Customize Page | Printable View | Help for this Page Stop following this case to stop receiving updates in your feed.FollowingStop following this case to stop receiving updates in your feed. Case History1+ | Negotiated Entitlement Processes0 | Bugzilla Tickets0 | Case Comments13 | Case Summary0 | Linked Resources1 | Action Plan0 Case Detail Case Owner Felix DewaleyneFelix Dewaleyne [Change] Product Red Hat CloudForms Case Number 01787535 [View Hierarchy] Version 4.2 Status Waiting on Red Hat Severity 3 (Normal) Internal Status Waiting on Owner Priority Score 552 SBR Group CFME Case Origin Web Needs New Owner Type Other Created By Beal, James (2017-02-07 14:29:24Z) Case Language en Last Update By Felix Dewaleyne (2017-02-09 10:42:44Z) Parent Case Hours in current status 5.29 Push to Partner Last Closed At External Handling System In Customer Business Hours Checked Case Automation Enabled Checked Hide Section - Entitlement InformationEntitlement Information SBT 1,432 Entitlement Name Premium: Red Hat Satellite (Academic Edition) TargetDate 10/02/2017 15:52 Initial Service Level PREMIUM SBT State Not Breached Hide Section - Account InformationAccount Information Account Name Wellcome Trust Sanger Institute Contact Name James Beal Account Number 5591858 Case Group Business Hours Europe/Paris Alternate Case Id 24x7 Not Checked 24x7 Handover Ready Not Checked 24x7 Contact Info Customer Engagement Scorecard Customer Engagement Scorecard Hide Section - Description InformationDescription Information Problem Statement cloudforms can no longer log in to openstack provider. Description The userinterface on the provider declares that the credentials are now invalid. I have tried to reenter them and it still continues to say this. I will upload logs from the coudforms systems and the openstack contollers Hide Section - TagsTags Negotiated Entitlement Processes No records to display Case History Date User Connection Action 09/02/2017 10:42 Felix Dewaleyne Changed Internal Status from Waiting on Customer to Waiting on Owner. Changed Status from Waiting on Customer to Waiting on Red Hat. 09/02/2017 10:41 Felix Dewaleyne Changed Internal Status from Waiting on Owner to Waiting on Customer. Changed Status from Waiting on Red Hat to Waiting on Customer. 08/02/2017 13:37 Strata EAP6 2 Changed Internal Status from Waiting on Customer to Waiting on Owner. Show more » | Go to list » Actions Candidate for Red Hat InsightsGenerate Session KeySBT Report Customer Contacts Action Contact Name Edit | Del Jonathan Nicholson Red Hat Associates Action User Role Office Status Edit | Del Saif Ali Contributor Bugzilla Tickets No records to display Linked Resources Action Resource Type Linked By Unlink Edit Is Exact 2916781 | Unable to connect Cloudforms to openstack if the first tenant of the openstack environment is disabled Solution rhn-support-fdewaley Suggested Resources Action Resource Category Resource Relevance Link 1257133 | How to collect logs for Red Hat CloudForms 3.1, 3.2? Text Analysis Summary Link 1354923 | Backup and Restore Database in CloudForms 3.x/4.x Text Analysis Summary Link 2018763 | How to put CloudForms in debug for Openstack issues Text Analysis Summary Link 1425843 | CloudForms 3.1/3.2 logs not rotating after upgrade Text Analysis Summary Link 650473 | How to collect logs via the command line for a Cloudforms appliance? Text Analysis Summary FirstPrevious12NextLast Search Resources Case Summary Internal Case Notes - Use 'Action Plan' for information that is appropriate for customers. No case summary to display. Action Plan Field is public - (i.e. Visible to customers) No action plan to display. Case Updates #13 (Associate) Make PrivatePrivate Cannot set 'Helps Resolution' 0 Created By: Felix Dewaleyne (09/02/2017 10:41) Last Modified By: Felix Dewaleyne (09/02/2017 15:52) Hi, Sorry about the previous version of this update - I confused your case with another. This will allow me to open a bugzilla for this issue. Kind regards, Félix #12 (Customer) Make PrivatePrivate Helps Resolution? 0 Created By: James Beal (08/02/2017 19:27) This is a failed login ( with the top tenant disabled ). [----] I, [2017-02-08T19:26:19.466424 #14155:1225140] INFO -- : MIQ(MiqScheduleWorker::Runner#do_work) Number of scheduled items to be processed: 0. [----] I, [2017-02-08T19:26:20.232944 #12608:1225140] INFO -- : MIQ(MiqServer#populate_queue_messages) Fetched 2 miq_queue rows for queue_name=generic, wcount=6, priority=200 [----] I, [2017-02-08T19:26:24.577542 #12337:185b640] INFO -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#with_provider_connection) Connecting through ManageIQ::Providers::Openstack::CloudManager: [delta2_overcloud] [----] E, [2017-02-08T19:26:24.769645 #12337:185b640] ERROR -- : <Fog> excon.error #<Excon::Error::Unauthorized: Expected([200, 204]) <=> Actual(401 Unauthorized) excon.error.response :body => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}" :cookies => [ ] :headers => { "Content-Length" => "114" "Content-Type" => "application/json" "Date" => "Wed, 08 Feb 2017 19:26:25 GMT" "Vary" => "X-Auth-Token" "Www-Authenticate" => "Keystone uri=\"http://172.27.66.32:5000\"" "X-Openstack-Request-Id" => "req-f197926e-41f0-4d7b-b4f6-11e73ebaeb9d" } :host => "delta.internal.sanger.ac.uk" :local_address => "192.168.255.29" :local_port => 33978 :path => "/v2.0/tokens" :port => 5001 :reason_phrase => "Unauthorized" :remote_ip => "172.27.66.32" :status => 401 :status_line => "HTTP/1.1 401 Unauthorized\r\n" > [----] E, [2017-02-08T19:26:24.769890 #12337:185b640] ERROR -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#verify_api_credentials) Error Class=Excon::Error::Unauthorized, Message=Expected([200, 204]) <=> Actual(401 Unauthorized) excon.error.response :body => "{\"error\": {\"message\": \"The request you have made requires authentication.\", \"code\": 401, \"title\": \"Unauthorized\"}}" :cookies => [ ] :headers => { "Content-Length" => "114" "Content-Type" => "application/json" "Date" => "Wed, 08 Feb 2017 19:26:25 GMT" "Vary" => "X-Auth-Token" "Www-Authenticate" => "Keystone uri=\"http://172.27.66.32:5000\"" "X-Openstack-Request-Id" => "req-f197926e-41f0-4d7b-b4f6-11e73ebaeb9d" } :host => "delta.internal.sanger.ac.uk" :local_address => "192.168.255.29" :local_port => 33978 :path => "/v2.0/tokens" :port => 5001 :reason_phrase => "Unauthorized" :remote_ip => "172.27.66.32" :status => 401 :status_line => "HTTP/1.1 401 Unauthorized\r\n" [----] W, [2017-02-08T19:26:24.769952 #12337:185b640] WARN -- : MIQ(ManageIQ::Providers::Openstack::CloudManager#authentication_check_no_validation) type: ["default"] for [102000000000005] [delta2_overcloud] Validation failed: invalid, Login failed due to a bad username or password. [----] E, [2017-02-08T19:26:24.770031 #12337:185b640] ERROR -- : MIQ(ems_cloud_controller-update): Credential validation was not successful: Login failed due to a bad username or password. [----] I, [2017-02-08T19:26:25.233815 #12608:1225140] INFO -- : MIQ(MiqServer#heartbeat) Heartbeat [2017-02-08 19:26:25 UTC]... [----] I, [2017-02-08T19:26:25.241076 #12608:1225140] INFO -- : MIQ(MiqServer#heartbeat) Heartbeat [2017-02-08 19:26:25 UTC]...Complete Expected results: authentication does not fail becaause the tenant is disabled Additional info: re-enabling the openstack tenant resolves the authentication error
Please assess the importance of this issue and update the priority accordingly. Somewhere it was missed in the bug triage process. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#priority for a reminder on each priority's definition. If it's something like a tracker bug where it doesn't matter, please set it to Low/Low.
Added 5 disabled tenants. Refresh is fast and successful. Verified in 5.8.2.0 and RHOS 11.
Felix, it looks like this is fixed in the current release - is it okay to close this BZ?
(In reply to Tzu-Mainn Chen from comment #8) > Felix, it looks like this is fixed in the current release - is it okay to > close this BZ? 5.8.2.0 isn't out right now - this was not tested against 5.8.1.5 but 5.8.2.0.
Sorry for repeating, this should have been resolved in the current release - is it okay to close this BZ? Thanks!