Murano

murano uses hardcoded project/user domain_name 'default'

  1. Series mitaka
  2. Bug #1580611
Bug #1580611 reported by Igor Shergin
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Murano
Fix Released
High
Kirill Zaitsev
Murano newton-1 "n1"
Mitaka
Fix Committed
High
Unassigned
Murano 2.0.x "2.0.x"
Newton
Fix Released
High
Kirill Zaitsev
Murano newton-1 "n1"

Bug Description

mitaka release

murano-api and murano-engine is running, muranoclient works too (murano environment-list or environment-create is works), but after the launch environment-deploy in murano-engine fails to attempt to login to keystone: error 401 "Exception Could not find domain: default" and KeyError: 'model' in /usr/lib/python2.7/dist-packages/murano/common/server.py

Details (versions, log, tcpdump) http://paste.openstack.org/show/496729/

The problem is that from murano-engine queries come to keystone incorrect domain_name and a blank password, i.e:

{"auth": {"scope": {"project": {"domain": {"name": "default"}, "name": "admin"}}, "identity": {"password": {"user": {"password": null}}, "methods": ["password"]}}}

If you specify in murano.conf instead project_domain_id and user_domain_id:

project_domain_name = "Default"
user_domain_name = "Default"

then nothing changes and the error remains.

Igor Shergin (ishergin)
affects: murano → murano (Ubuntu)
Revision history for this message
Igor Shergin (ishergin) wrote :

in postgresql case sensitive comparison =(

To get murano-engine to pass domain_name instead of domain_id I did not succeed. devstack all in the works, as a comparison query.filter_by(name=project_name) in mysql are case insensitive

workaround:

--- /usr/lib/python2.7/dist-packages/keystone/resource/backends/sql.py.old 2016-05-17 01:46:39.653472179 +0300
+++ /usr/lib/python2.7/dist-packages/keystone/resource/backends/sql.py 2016-05-17 01:36:22.186652560 +0300
@@ -18,6 +18,7 @@
 from keystone import exception
 from keystone.i18n import _LE, _LW
 from keystone import resource as keystone_resource
+from sqlalchemy import func

 LOG = log.getLogger(__name__)

@@ -51,7 +52,7 @@
     def get_project_by_name(self, project_name, domain_id):
         with sql.session_for_read() as session:
             query = session.query(Project)
- query = query.filter_by(name=project_name)
+ query = query.filter(func.lower(Project.name)==func.lower(project_name))
             if domain_id is None:
                 query = query.filter_by(
                     domain_id=keystone_resource.NULL_DOMAIN_ID)

affects: murano (Ubuntu) → murano
affects: murano → keystone
Revision history for this message
Igor Shergin (ishergin) wrote :

adjustment: pass domain_id instead of domain_name I did not succeed

Nikolay Starodubtsev (starodubcevna)
affects: keystone → murano
Revision history for this message
Nikolay Starodubtsev (starodubcevna) wrote :

Unfortunately I can't reproduce this bug using DevStack environment.

Changed in murano:
status: New → Incomplete
Revision history for this message
György Szombathelyi (gyurco) wrote :

Seems in murano/common/auth_utils.py, the domain names are hardcoded to 'default'. I've changed it to 'Default', and started to work, but they should really come from the config file.

Nikolay Starodubtsev (starodubcevna)
Changed in murano:
status: Incomplete → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano (master)

Fix proposed to branch: master
Review: https://review.openstack.org/324365

Changed in murano:
assignee: nobody → Nikolay Starodubtsev (starodubcevna)
status: Confirmed → In Progress
Revision history for this message
Kirill Zaitsev (kzaitsev) wrote : Re: murano-engine cannot authenticate to keystone

So this is only the case with postgres, right? The title of the bug is a bit misleading to my opinion

summary: - murano-engine cannot authenticate to keystone
+ [postgres] murano uses hardcoded project/user domain_name 'default'
summary: - [postgres] murano uses hardcoded project/user domain_name 'default'
+ murano uses hardcoded project/user domain_name 'default'
Nikolay Starodubtsev (starodubcevna)
tags: added: mitaka-backport-potential
Kirill Zaitsev (kzaitsev)
Changed in murano:
milestone: none → newton-1
Revision history for this message
Igor Shergin (ishergin) wrote :
Download full text (4.8 KiB)

{"explanation": "The server has either erred or is incapable of performing the requested operation.", "code": 500, "error": {"message": "no such option in group keystone_authtoken: user_domain_name", "traceback": "Traceback (most recent call last):
  File \"/usr/lib/python2.7/dist-packages/murano/api/middleware/fault.py\", line 128, in process_request
    return req.get_response(self.application)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1317, in send
    application, catch_exc_info=False)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1281, in call_application
    app_iter = application(self.environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func
    return self.func(req, *args, **kwargs)
  File \"/usr/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py\", line 467, in __call__
    response = req.get_response(self._app)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1317, in send
    application, catch_exc_info=False)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1281, in call_application
    app_iter = application(self.environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func
    return self.func(req, *args, **kwargs)
  File \"/usr/lib/python2.7/dist-packages/murano/common/wsgi.py\", line 205, in __call__
    response = req.get_response(self.application)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1317, in send
    application, catch_exc_info=False)
  File \"/usr/lib/python2.7/dist-packages/webob/request.py\", line 1281, in call_application
    app_iter = application(self.environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/paste/urlmap.py\", line 206, in __call__
    return app(environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 144, in __call__
    return resp(environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/routes/middleware.py\", line 136, in __call__
    response = self.app(environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 144, in __call__
    return resp(environ, start_response)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File \"/usr/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func
    return self.func(req, *args, **kwargs)
  File \"/usr/lib/python2.7/dist-packages/murano/common/wsgi.py\", line 429, in __call__
    action_result = self.execute_action(action, request, **action_args)
  File \"/usr/lib/python2.7/dist-packages/murano/common/wsgi.py\", line 444, in execute_action
    return self.dispatch(self.controller, action, request, **action_args)
  File \"/usr/lib/python2.7/dist-packages/murano/common/wsgi.py\", line 453, in dispatch
    ret...

Read more...

OpenStack Infra (hudson-openstack)
Changed in murano:
assignee: Nikolay Starodubtsev (starodubcevna) → Kirill Zaitsev (kzaitsev)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano (master)

Reviewed: https://review.openstack.org/324365
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=cae7e61787745b361268b7297d57e13b3a2061dc
Submitter: Jenkins
Branch: master

commit cae7e61787745b361268b7297d57e13b3a2061dc
Author: Nikolay Starodubtsev <email address hidden>
Date: Thu Jun 2 13:57:18 2016 +0300

    Updated *_domain_id to "Default"

    Previously user_domain_id and project_domain_id was hardcoded to
    "default" which causes an error in environments using PostgreSQL or
    case-sensirive MySQL as DB backend.

    Change-Id: Id8489ad712deebff2248fbf404df255f484a8071
    Closes-Bug: #1580611

Changed in murano:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/331421

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano (stable/mitaka)

Reviewed: https://review.openstack.org/331421
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=d2260fbfce344f72895e2aa165e1fba0f8ea86ba
Submitter: Jenkins
Branch: stable/mitaka

commit d2260fbfce344f72895e2aa165e1fba0f8ea86ba
Author: Nikolay Starodubtsev <email address hidden>
Date: Thu Jun 2 13:57:18 2016 +0300

    Updated *_domain_id to "Default"

    Previously user_domain_id and project_domain_id was hardcoded to
    "default" which causes an error in environments using PostgreSQL or
    case-sensirive MySQL as DB backend.

    Change-Id: Id8489ad712deebff2248fbf404df255f484a8071
    Closes-Bug: #1580611
    (cherry picked from commit cae7e61787745b361268b7297d57e13b3a2061dc)

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/murano 2.0.1

This issue was fixed in the openstack/murano 2.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to murano (master)

Reviewed: https://review.openstack.org/331818
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=3d20f25d3bd5e3a69244fcb5205d3d2b346d8b66
Submitter: Jenkins
Branch: master

commit 3d20f25d3bd5e3a69244fcb5205d3d2b346d8b66
Author: Gyorgy Szombathelyi <email address hidden>
Date: Mon Jun 20 21:41:04 2016 +0200

    Use keystoneauth1 lib for authentication helpers

    If auth_type is set in the keystone_authtoken section,
    then one can use the the keystoneauth1 library to load the
    authentication plugin. This makes muranoclient fully workable,
    with Keystone v3 in case domain name is not 'Default'.

    Related-Bug: 1580611

    Change-Id: I0d71032fb5296752ee25482b75993072884731e7

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/murano 3.0.0.0b2

This issue was fixed in the openstack/murano 3.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.