Awesome! Good to hear.
** Changed in: keystone
Status: Incomplete => Invalid
https://bugs.launchpad.net/bugs/1362181
Title:
Multi-domain has problems with domain drivers
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
My Environment
--------------
I've installed RDO OpenStack Icehouse, then I've upgraded to keystone-2014.2.b2
from the Launchpad tarball. I'm using SQL (not LDAP). With the standard
installation, we have only 1 domain, the "default" domain. I did not configure
anything more.
What I want to achieve
----------------------
Now, I want to configure the multidomain feature on Keystone Juno 2 and I'm
following the official documentation:
http://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers
The problem
------------
If I execute this command:
$ curl --insecure -H "X-Auth-Token:ADMIN" http://localhost:5000/v3/users
OK, no problems: Keystone returns the JSON user list. Now, I'll
configure the multi-domain feature.
1.- Edit /etc/keystone/keystone.conf file like
- # domain_specific_drivers_enabled=False
+ domain_specific_drivers_enabled=True
- # domain_config_dir=/etc/keystone/domains
+ domain_config_dir=/etc/keystone/domains
2.- Create default domain file.
2.1 cd /etc/keystone; mkdir domains; chown keystone:keystone domains; cd domains;
2.2 vim keystone.default.conf
[identity]
driver = keystone.identity.backends.sql.Identity
[ldap]
2.3 chown keystone:keystone keystone.default.conf
3.- service openstack-keystone restart
Now, if I try the same curl command, I obtain this error:
$ curl --insecure -H "X-Auth-Token:ADMIN" http://localhost:5000/v3/users
{
  "error": {
    "code": 401,
    "message": "The request you have made requires authentication. (Disable debug mode to suppress these details.)",
    "title": "Unauthorized"
  }
}
And, in the log file, I have 3 different errors:
2014-08-27 15:25:43.669 23078 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:286
2014-08-27 15:25:43.764 23078 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181
2014-08-27 15:25:43.765 23078 WARNING keystone.common.controller [-] RBAC: Bypassing authorization
2014-08-27 15:25:48.051 23078 DEBUG oslo.db.sqlalchemy.session [-] MySQL server mode set to STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION _mysql_check_effective_sql_mode /usr/lib/python2.6/site-packages/oslo/db/sqlalchemy/session.py:401
2014-08-27 15:25:48.081 23078 WARNING keystone.common.controller [-] Invalid token found while getting domain ID for list request
2014-08-27 15:25:48.084 23078 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 127.0.0.1
2014-08-27 15:25:48.090 23078 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [27/Aug/2014 15:25:48] "GET /v3/users HTTP/1.1" 401 357 4.421301
And some seconds later, keystone raises this error:
2014-08-27 15:26:35.707 23078 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:276
2014-08-27 15:26:35.731 23078 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181
2014-08-27 15:26:35.741 23078 ERROR keystone.common.wsgi [-] object.__init__() takes no parameters
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 212, in __call__
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi result = method(context, **params)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in authenticate
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi context, auth)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 279, in _authenticate_local
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi username, CONF.identity.default_domain_id)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 181, in wrapper
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi self.driver, self.assignment_api)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 137, in setup_domain_drivers
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi -len(DOMAIN_CONF_FTAIL)])
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 116, in _load_config
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi self._load_driver(assignment_api, domain)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 93, in _load_driver
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi domain_config['cfg'].identity.driver, domain_config['cfg']))
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/openstack/common/importutils.py", line 38, in import_object
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi return import_class(import_str)(*args, **kwargs)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/dependency.py", line 166, in wrapper
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi self.__wrapped_init__(*args, **kwargs)
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi TypeError: object.__init__() takes no parameters
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi
2014-08-27 15:26:35.744 23078 INFO eventlet.wsgi.server [-] 128.142.152.106 - - [27/Aug/2014 15:26:35] "POST /v2.0/tokens HTTP/1.1" 400 238 0.036876
After that, Keystone raises this error every X seconds forever:
2014-08-27 15:26:46.683 23078 INFO eventlet.wsgi.server [-] 128.142.152.106 - - [27/Aug/2014 15:26:46] "POST /v2.0/tokens HTTP/1.1" 500 348 0.005080
2014-08-27 15:27:02.864 23078 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:276
2014-08-27 15:27:02.867 23078 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181
2014-08-27 15:27:02.868 23078 ERROR keystone.common.wsgi [-] 'driver'
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 212, in __call__
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi result = method(context, **params)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in authenticate
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi context, auth)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 279, in _authenticate_local
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi username, CONF.identity.default_domain_id)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 182, in wrapper
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi return f(self, *args, **kwargs)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 193, in wrapper
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi return f(self, *args, **kwargs)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 555, in get_user_by_name
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi driver = self._select_identity_driver(domain_id)
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 372, in _select_identity_driver
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi driver = (self.domain_configs.get_domain_driver(domain_id) or
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 145, in get_domain_driver
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi return self[domain_id]['driver']
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi KeyError: 'driver'
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi
2014-08-27 15:27:02.873 23078 INFO eventlet.wsgi.server [-] 128.142.152.106 - - [27/Aug/2014 15:27:02] "POST /v2.0/tokens HTTP/1.1" 500 348 0.009450
The multidomain feature is supposed to be ready on Juno 2 (correct me
if I'm wrong), but I think that there are some problems. I don't know
if it is related to this bug:
https://bugs.launchpad.net/keystone/+bug/1217017
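An added example, not part of the bug report and not Keystone code: a way to triage a Keystone log like the one above by rejoining mail-wrapped records, reducing each TRACE block to its exception and innermost frame, and tallying HTTP outcomes per endpoint. The function names, the abridged sample lines and the 192.0.2.10 client address are constructed for illustration.

```python
import re
from collections import Counter

RECORD = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \d+ (\w+) (\S+) ?(.*)$")
FRAME = re.compile(r'File "[^"]*/([^"/]+)", line (\d+), in (\w+)')
ACCESS = re.compile(r'"(\w+) (\S+) HTTP/[\d.]+" (\d{3})')

def records(text):
    """Split into [level, logger, message]; a line without a timestamp continues the previous record."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            out.append(list(m.groups()))
        elif out and line.strip():
            out[-1][2] = (out[-1][2] + " " + line.strip()).strip()
    return out

def triage(text):
    """Count (exception, innermost frame) signatures and (method, path, status) outcomes."""
    sigs, http, frame, exc = Counter(), Counter(), None, None
    for level, _logger, msg in records(text) + [["END", "", ""]]:
        if level != "TRACE" or msg.startswith("Traceback"):
            if frame and exc:  # close the traceback collected so far
                sigs[(exc, frame)] += 1
            frame = exc = None
        if level == "TRACE":
            f = FRAME.search(msg)
            if f:
                frame = "%s:%s %s" % f.groups()  # later frames overwrite earlier ones
            elif msg and not msg.startswith("Traceback"):
                exc = msg  # the last non-frame line is the exception
        else:
            for hit in ACCESS.findall(msg):
                http[hit] += 1
    return sigs, http

# Constructed sample, abridged from the report's log; one record is left wrapped.
SAMPLE = """\
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/dependency.py", line 166, in wrapper
2014-08-27 15:26:35.741 23078 TRACE keystone.common.wsgi TypeError:
object.__init__() takes no parameters
2014-08-27 15:26:35.744 23078 INFO eventlet.wsgi.server [-] 192.0.2.10 - - [27/Aug/2014 15:26:35] "POST /v2.0/tokens HTTP/1.1" 400 238 0.036876
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/identity/core.py", line 145, in get_domain_driver
2014-08-27 15:27:02.868 23078 TRACE keystone.common.wsgi KeyError: 'driver'
2014-08-27 15:27:02.873 23078 INFO eventlet.wsgi.server [-] 192.0.2.10 - - [27/Aug/2014 15:27:02] "POST /v2.0/tokens HTTP/1.1" 500 348 0.009450
"""
```

Calling triage(SAMPLE) returns the two distinct failure signatures and the per-status counts for POST /v2.0/tokens, which makes a repeating 500 on the token endpoint easy to tell apart from the one-off 400.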