Bug 1470570 - Undercloud Swift cannot be reached with the generated stackrc loaded
Undercloud Swift cannot be reached with the generated stackrc loaded
Status: NEW
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-swiftclient (Show other bugs)
12.0 (Pike)
Unspecified Unspecified
unspecified Severity medium
: ga
: 12.0 (Pike)
Assigned To: Pete Zaitcev
nlevinki
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-13 04:50 EDT by Marius Cornea
Modified: 2017-08-16 09:53 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marius Cornea 2017-07-13 04:50:09 EDT
Description of problem:
Undercloud Swift cannot be reached with the generated stackrc loaded:

[stack@undercloud-0 ~]$ source stackrc 
(undercloud) [stack@undercloud-0 ~]$ swift list
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
Authorization Failure. Authorization failed: (http://192.168.24.2:13000/auth/tokens): The resource could not be found. (HTTP 404)


Version-Release number of selected component (if applicable):
instack-undercloud-7.1.1-0.20170630185738.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Deploy OSP12
2. source stackrc
3. swift list

Actual results:
Authorization Failure. Authorization failed: (http://192.168.24.2:13000/auth/tokens): The resource could not be found. (HTTP 404)

Expected results:
No authorization failed.

Additional info:
The OS_AUTH_URL needs /v3

(undercloud) [stack@undercloud-0 ~]$ grep OS_AUTH_URL stackrc 
OS_AUTH_URL=https://192.168.24.2:13000/
export OS_AUTH_URL

(undercloud) [stack@undercloud-0 ~]$ export OS_AUTH_URL=https://192.168.24.2:13000/v3; swift list
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:303: SubjectAltNameWarning: Certificate for 192.168.24.2 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
ov-kbc7lxvhwu-0-m5fs4wnjql2b-NovaCompute-oux6wrkqfbb6
ov-pwvd26zc7kj-0-jax4m6qwyes6-Controller-4gjqvjbglt3j
overcloud
overcloud-swift-rings
Comment 1 Alex Schultz 2017-07-13 12:26:05 EDT
It should be noted that swiftclient does not work with keystone v3. Use openstackclient instead.
Comment 2 Alex Schultz 2017-07-13 12:31:17 EDT
sorry when I say it doesn't work with v3, it doesn't handle the version auto discovery (hence needing /v3 on the url). We've replaced our usages with openstack client equivalent commands.
Comment 3 Marius Cornea 2017-07-13 12:33:30 EDT
I can confirm 'openstack container list' is working as expected.
Comment 4 Thiago da Silva 2017-08-16 09:53:38 EDT
The issue is that the new stackrc files does not contain the version on OS_AUTH_URL env variable and swift client does not currently support versionless auth url. Christian has a patch for this upstream: https://review.openstack.org/#/c/473740/

This will probably show up in osp13 as it didn't land in time for to make into the Pike release upstream.

Note You need to log in before you can comment on or make changes to this bug.