I'm going to mark this as Invalid since keystone's stable/ocata branch
includes the policy.json file [0]. All the work to move policy into code
was done in Pike. Per comment #9, this should be reopened if there are
steps provided to recreate the issue.

[0]
https://github.com/openstack/keystone/tree/stable/ocata/etchttps://github.com/openstack/keystone/tree/stable/ocata/etc

** Changed in: keystone
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1697458

Title:
  Cannot deploy stable/ocata keystone due to missing policy.json

Status in devstack:
  Incomplete
Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  I tried to deploy stable/ocata environment for following 2 ways in
  Ubuntu 16.04.2 LTS.  Both ways were failed to deploy.  Am I missing
  something?

  Pattern A: using master devstack and following local.conf

    REQUIREMENTS_BRANCH=stable/ocata
    KEYSTONE_BRANCH=stable/ocata
    NOVA_BRANCH=stable/ocata
    NEUTRON_BRANCH=stable/ocata
    GLANCE_BRANCH=stable/ocata
    CINDER_BRANCH=stable/ocata
    IRONIC_BRANCH=stable/ocata
    SWIFT_BRANCH=stable/ocata

    disable_service n-net
    disable_service horizon
    disable_service tempest
    disable_service c-api
    disable_service c-vol
    disable_service c-sch
    enable_service neutron
    enable_plugin ironic https://git.openstack.org/openstack/ironic stable/ocata
    enable_service s-proxy
    enable_service s-object
    enable_service s-container
    enable_service s-account
    ..(snip)...

  Pattern B: using stable/ocata devstack and same local.conf with above
  definition.

  
  [Error for Pattern A] /opt/stack/logs/stack.sh.log

       ...(snip)...
      2017-06-12 13:21:57.118 | ++lib/keystone:create_keystone_accounts:330  
openstack project show admin -f value -c id
      2017-06-12 13:22:00.598 | You are not authorized to perform the requested 
action: identity:list_projects. (HTTP 403) (Request-ID: 
req-55f243e3-8720-4cc2-a63d-8c5dfcfa269d)

      I executed 'source devstack/openrc admin admin; openstack --debug 
endpoint list' and got an error:
          ...(snip)...
          REQ: curl -g -i -X GET http://192.168.122.198/identity/v3/auth/tokens 
-H "X-Subject-Token: {SHA1}23dde272ead75b0e520d229864a9fb9931aeabce" -H 
"User-Agent: python-keystoneclient"
   -H "Accept: application/json" -H "X-Auth-Token: 
{SHA1}23dde272ead75b0e520d229864a9fb9931aeabce"
          Resetting dropped connection: 192.168.122.198 
http://192.168.122.198:80 "GET /identity/v3/auth/tokens 
   HTTP/1.1" 403 141
          RESP: [403] Date: Mon, 12 Jun 2017 13:22:54 GMT Server: Apache/2.4.18 
(Ubuntu) Vary: X-Auth-Token Content-Type: application/json Content-Length: 141 
x-openstack-request-id: req-bb143aa4-e31a-46f6-91e2-89984a512ad4 Connection: 
close
          RESP BODY: {"error": {"message": "You are not authorized to perform 
the requested action: identity:validate_token.", "code": 403, "title": 
"Forbidden"}}
          ...(snip)...

  [Error for Pattern B] /opt/stack/logs/stack.sh.log
      2017-06-12 13:52:53.474 | ++::                                        
curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}' 
http://192.168.122.198/identity/v3/
      2017-06-12 13:52:53.498 | +::                                        [[ 
503 == 503 ]]
      2017-06-12 13:52:53.505 | +::                                        
sleep 1
      2017-06-12 13:52:54.517 | ++::                                        
curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}' 
http://192.168.122.198/identity/v3/
      2017-06-12 13:52:54.537 | +::                                        [[ 
503 == 503 ]]
      2017-06-12 13:52:54.544 | +::                                        
sleep 1
      ...(snip)...
      2017-06-12 13:52:55.363 | [ERROR] /home/stack/devstack/lib/keystone:615 
keystone did not start
      2017-06-12 13:52:56.371 | Error on exit

    I also checked /var/log/apache2/error.log

      [Mon Jun 12 22:56:01.868120 2017] [proxy:error] [pid 32263:tid 
140048708118272] (111)Connection refused: AH02454: uwsgi: attempt to connect to 
Unix domain socket /var/run/uwsgi/keystone-wsgi-public.socket 
(uwsgi-uds-keystone-wsgi-public) failed
      [Mon Jun 12 22:56:01.868214 2017] [proxy:error] [pid 32263:tid 
140048708118272] AH00959: ap_proxy_connect_backend disabling worker for 
(uwsgi-uds-keystone-wsgi-public) for 0s
      [Mon Jun 12 22:56:01.868232 2017] [:error] [pid 32263:tid 
140048708118272] [client 192.168.122.198:36640] failed to make connection to 
backend: httpd-UDS:0

To manage notifications about this bug go to:
https://bugs.launchpad.net/devstack/+bug/1697458/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to