Fuel for OpenStack

/etc/contrail/contrail-keystone-auth.conf file is not updated with admin credentials during provisioning

Bug #1694846 reported by Bruce Basil Mathews on 2017-05-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Confirmed	High	Fuel Plugin Contrail	Fuel for OpenStack 9.x-updates

Bug Description

Juniper confirmed with their Engineering team that this issue (admin credentials in /etc/contrail/contrail-keystone-auth.conf file ) should be fixed by Mirantis. Its a Fuel provisioning issue. Please request their support team to raise a bug with their engineering.

MOS versions tested: MOS 8.0 -> MOS 9.2 -> Affects keystone v3 only.

OS: Ubuntu 14.04 and 16.04

Network Model: OpenContrail/Contrail

Deploy a cloud with the OpenContrail or Contrail Plugin and change the 'admin' password. The deployment will fail as the credentials in /etc/contrail/contrail-keystone-auth.conf file are not updated to reflect the change.

Workaround: Edit the /etc/contrail/contrail-keystone-auth.conf manually and change the password to reflect the new password.

The issue is only when using keystone v3, using v2 with local users works fine.

When using v3 project, user in Contrail UI with admin rights can’t create network or create router.
User can create network in horizon then edit network in contrail UI to add route-targets, policies etc
User can add router in horizon, but can’t bind interface to router (error is given that domain and project don’t exist). After viewing the Security Group for the project (only need to view it no changes need to be made), then you can bind interface to router. Everything appears to work fine after that.

The default keystone config on the contrail config node after deployment is using the services tenant and neutron user. Note this wasn’t a problem in MOS9 with Contrail 3.1, I don’t have this setup anymore to compare if the .conf file is the same or not. There seems to be some v3 domain changes from 3.1 to 3.2 and I suspect that is the difference.

# default .conf file on contrail config node

admin_tenant_name=services
admin_user=neutron
admin_password=<removed>

Changing this to the admin user/tenant and adding v3 auth url (all changes in bold) then restarting contrail fixes all the above issues.

root@contrail1:~# more /etc/contrail/contrail-keystone-auth.conf

[KEYSTONE]
auth_url=http://192.168.0.2:35357/v3
auth_host=192.168.0.2
#admin_tenant_name=services
auth_port=35357
#admin_user=neutron
auth_protocol=http
insecure=True
#admin_password=<removed>
memcache_servers=127.0.0.1:11211
admin_user=admin
admin_password=<removed>
admin_tenant_name=admin

See original description

Bruce Basil Mathews (bmathews-l) on 2017-05-31

description:

updated

Oleksiy Molchanov (omolchanov) on 2017-11-20

Changed in fuel:
milestone:	none → 9.x-updates
assignee:	nobody → Fuel Plugin Contrail (fuel-plugin-contrail)
importance:	Undecided → High
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.