watcher

Authentication failed with keystone-middleware 4.2.0

Bug #1539670 reported by David TARDIVEL on 2016-01-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	watcher	Fix Released	Critical	Taylor Peoples	watcher mitaka-3 "m3"

Bug Description

Token verification fails in Watcher API Service.
Watcher Decision Engine and Applier can no more instantiate OS module client (nova, ceilometer, ....) due to Authentication failure.

Watcher shall use auth_plugin feature.

David TARDIVEL (david-tardivel) on 2016-02-02

Changed in watcher:
assignee:	nobody → Taylor Peoples (tpeoples)
status:	Confirmed → In Progress
milestone:	none → mitaka-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-03: Fix merged to watcher (master)

Reviewed: https://review.openstack.org/270039
Committed: https://git.openstack.org/cgit/openstack/watcher/commit/?id=9a6811ae6bd07580d2e485b6312821919451dfa4
Submitter: Jenkins
Branch: master

commit 9a6811ae6bd07580d2e485b6312821919451dfa4
Author: Taylor Peoples <email address hidden>
Date: Wed Jan 20 08:15:47 2016 +0100

Create OpenStackClients convenience class

    The OpenStackClients class provides a convenient way to create and
    cache client instances. The idea behind this code comes from Magnum
    [0].

    The OpenStackClients class will act as the manager of other project's
    clients, providing an easy way to fetch instances of said clients. This
    will allow the clients to be cached.

    An instance of OpenStackClients is created for every call that comes
    into the decision engine and the applier, using the request context to
    pass needed (domain id) parameters to get a Keystone session. This
    instance should be shared as much as possible to avoid additional
    unneccessary connections to the other services.

This class will also allow for the version of each client to be
configurable via the watcher.conf file.

    The method by which a Keystone session is also changed to use the
    keystoneauth1.loading library. In order to avoid DuplicateOptErrors
    with the keystone_authtoken group used for the keystonemiddleware in the
    API code, a new conf group named "watcher_clients_auth" is created. A
    typical configuration using a password authentication scheme will look
    like:
      [watcher_clients_auth]
      auth_type = password
      auth_url = http://<server-ip>:<port>
      username = <username>
      password = <password>
      project_domain_id = default
      user_domain_id = default

[0]: https://github.com/openstack/magnum/blob/master/magnum/common/clients.py

    DocImpact
    Change-Id: Iab9d0b304099686da2e9e2b19e8b1de4332ff378
    Implements: blueprint external-api-versioning
    Closes-Bug: #1530790
    Closes-Bug: #1539670
    Closes-Bug: #1522774

Reviewed:  https://review.openstack.org/270039
Committed: https://git.openstack.org/cgit/openstack/watcher/commit/?id=9a6811ae6bd07580d2e485b6312821919451dfa4
Submitter: Jenkins
Branch:    master

commit 9a6811ae6bd07580d2e485b6312821919451dfa4
Author: Taylor Peoples <tpeoples@us.ibm.com>
Date:   Wed Jan 20 08:15:47 2016 +0100

Create OpenStackClients convenience class
    
    The OpenStackClients class provides a convenient way to create and
    cache client instances.  The idea behind this code comes from Magnum
    [0].
    
    The OpenStackClients class will act as the manager of other project's
    clients, providing an easy way to fetch instances of said clients. This
    will allow the clients to be cached.
    
    An instance of OpenStackClients is created for every call that comes
    into the decision engine and the applier, using the request context to
    pass needed (domain id) parameters to get a Keystone session.  This
    instance should be shared as much as possible to avoid additional
    unneccessary connections to the other services.
    
    This class will also allow for the version of each client to be
    configurable via the watcher.conf file.
    
    The method by which a Keystone session is also changed to use the
    keystoneauth1.loading library.  In order to avoid DuplicateOptErrors
    with the keystone_authtoken group used for the keystonemiddleware in the
    API code, a new conf group named "watcher_clients_auth" is created.  A
    typical configuration using a password authentication scheme will look
    like:
      [watcher_clients_auth]
      auth_type = password
      auth_url = http://<server-ip>:<port>
      username = <username>
      password = <password>
      project_domain_id = default
      user_domain_id = default
    
    [0]: https://github.com/openstack/magnum/blob/master/magnum/common/clients.py
    
    DocImpact
    Change-Id: Iab9d0b304099686da2e9e2b19e8b1de4332ff378
    Implements: blueprint external-api-versioning
    Closes-Bug: #1530790
    Closes-Bug: #1539670
    Closes-Bug: #1522774

Changed in watcher:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.