Cinder

quotas calls fail when CONF.keymgr.encryption_auth_url is not configured

Bug #1516085 reported by Michal Dulko
76
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
Medium
Michal Dulko
Cinder mitaka-1 "m1"
Liberty
Fix Released
Undecided
Szymon Borkowski
Mitaka
Fix Released
Medium
Michal Dulko
Cinder mitaka-1 "m1"
cinder (Juju Charms Collection)
Fix Released
High
James Page
Juju Charms Collection 16.01
cinder (Ubuntu)
Fix Released
Medium
Corey Bryant
Wily
Fix Released
High
James Page
Xenial
Fix Released
Medium
Corey Bryant

Bug Description

Quotas calls fail when aforementioned option is not configured and our Keystone host is somewhere else than c-api's host. This is due to the fact that the option defaults to localhost's Keystone v3.

To fix we would need to modify:

https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L183

We're using the config option instead of working with service catalog (available in RequestContext) to find proper Keystone endpoint.

Sean McGinnis (sean-mcginnis)
Changed in cinder:
milestone: none → mitaka-1
Revision history for this message
Tobias Urdin (tobias-urdin) wrote :

Confirmed when I upgraded from Kilo to Liberty in our staging environment.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/245572

James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: New → Confirmed
importance: Undecided → High
tags: added: backport-potential openstack
James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: Confirmed → Triaged
Changed in cinder (Ubuntu Wily):
status: New → Triaged
importance: Undecided → High
Changed in cinder (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
Mitsuhiro Tanino (mitsuhiro-tanino) wrote :

@Michal

Seems these three bugs are same bug reports of this bug report.
Could you confirm them and mark as duplicate for them?

https://bugs.launchpad.net/cinder/+bug/1517043
https://bugs.launchpad.net/cinder/+bug/1518513
https://bugs.launchpad.net/cinder/+bug/1509308

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/251937

Changed in cinder:
assignee: Michal Dulko (michal-dulko-f) → Szymon Borkowski (szymon-borkowski)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on cinder (master)

Change abandoned by Michal Dulko (<email address hidden>) on branch: master
Review: https://review.openstack.org/245572
Reason: Abandoning in favor of https://review.openstack.org/#/c/251937/

OpenStack Infra (hudson-openstack)
Changed in cinder:
assignee: Szymon Borkowski (szymon-borkowski) → Michal Dulko (michal-dulko-f)
Michal Dulko (michal-dulko-f)
tags: added: liberty-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/251937
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=109353dedbe53201eb6999984c5658d9193115df
Submitter: Jenkins
Branch: master

commit 109353dedbe53201eb6999984c5658d9193115df
Author: Szymon Borkowski <email address hidden>
Date: Tue Dec 1 14:12:03 2015 +0100

    Use proper config option to connect to keystone

    Earlier, quotas used to authenticate to endpoint from not required
    option located in keymgr.encryption_auth_url. Now, the required
    auth_uri option from config file is used to authenticate to
    keystone.

    Co-Authored-By: Michal Dulko <email address hidden>
    Change-Id: I1076527704f8def2c6755c060df49232e5ebe805
    Closes-Bug: 1516085

Changed in cinder:
status: In Progress → Fix Committed
James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: Triaged → Invalid
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/254700

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/liberty)

Reviewed: https://review.openstack.org/254700
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=fa7d0916d849e9c6f93e08f8323eb2a886bcffc0
Submitter: Jenkins
Branch: stable/liberty

commit fa7d0916d849e9c6f93e08f8323eb2a886bcffc0
Author: Szymon Borkowski <email address hidden>
Date: Tue Dec 1 14:12:03 2015 +0100

    Use proper config option to connect to keystone

    Earlier, quotas used to authenticate to endpoint from not required
    option located in keymgr.encryption_auth_url. Now, the required
    auth_uri option from config file is used to authenticate to
    keystone.

    Co-Authored-By: Michal Dulko <email address hidden>
    Change-Id: I1076527704f8def2c6755c060df49232e5ebe805
    Closes-Bug: 1516085
    (cherry picked from commit 109353dedbe53201eb6999984c5658d9193115df)

James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: Invalid → Triaged
James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: Triaged → In Progress
assignee: nobody → James Page (james-page)
milestone: none → 16.01
Revision history for this message
James Page (james-page) wrote :

Ubuntu SRU information

[Impact]
Quota operations fail unless the auth URL for key management is set in the cinder.conf file.

[Test Case]
Deploy OpenStack Liberty
cinder quota-show <tenant-id>
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-57d9c37b-56a1-47de-beb3-4a8b3de1d7e4)

[Regression Potential]
Minimal; fix is upstream in development and stable branches

Changed in cinder (Ubuntu Wily):
assignee: nobody → James Page (james-page)
Changed in cinder (Ubuntu Xenial):
assignee: nobody → Corey Bryant (corey.bryant)
Changed in cinder (Ubuntu Wily):
status: Triaged → In Progress
Revision history for this message
James Page (james-page) wrote :

Update for wily/liberty uploaded for SRU team review.

Adam Collard (adam-collard)
tags: added: kanban-cross-team
🤖 Landscape Builder (landscape-builder)
tags: removed: kanban-cross-team
James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: In Progress → Fix Committed
James Page (james-page)
Changed in cinder (Juju Charms Collection):
status: Fix Committed → Fix Released
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Michal, or anyone else affected,

Accepted cinder into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cinder/2:7.0.0-0ubuntu1.15.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cinder (Ubuntu Wily):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in cinder 7.0.1

This issue was fixed in the cinder 7.0.1 release (liberty).

James Page (james-page)
tags: added: verification-done
removed: verification-needed
Changed in cinder (Ubuntu Xenial):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:7.0.0-0ubuntu1.15.10.1

---------------
cinder (2:7.0.0-0ubuntu1.15.10.1) wily; urgency=medium

  * Ensure configured keystone endpoints are using in the Cinder quota
    module (LP: #1516085):
    - d/p/lp1516085.patch: Cherry pick fix from stable/liberty branch in
      advance of the next point release.

 -- James Page <email address hidden> Tue, 15 Dec 2015 12:07:17 +0000

Changed in cinder (Ubuntu Wily):
status: Fix Committed → Fix Released
Revision history for this message
Chris J Arges (arges) wrote : Update Released

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
James Page (james-page) wrote :

Promoted to liberty-updates in the UCA.

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/cinder 8.0.0.0b2

This issue was fixed in the openstack/cinder 8.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.