Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1367138

Summary: Autoscaling with trust notifier doesn't work
Product: Red Hat OpenStack Reporter: Yurii Prokulevych <yprokule>
Component: openstack-heatAssignee: Steve Baker <sbaker>
Status: CLOSED DUPLICATE QA Contact: Amit Ugol <augol>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0 (Mitaka)CC: mburns, rhel-osp-director-maint, sbaker, shardy, srevivo, therve, yprokule
Target Milestone: ---   
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-07 22:03:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yurii Prokulevych 2016-08-15 16:57:18 UTC
Description of problem:
Auto scaling with 'trust' notifier doesn't work.
Aodh sends requests but got 403 error.

At the mean time regular alarming is working.

Version-Release number of selected component (if applicable):


Steps to Reproduce:
1. Create stack with templates attached.
2. Trigger alarms

Additional info:
Virtual setup: 3controllers + 1compute + 1ceph

Excerpts from logs/alarms/trusts attached

Comment 6 Zane Bitter 2016-08-15 19:20:04 UTC
Can you attach the heat-engine log? The heat-api log doesn't offer any clues beyond what's already in the description.

Comment 11 Zane Bitter 2016-08-16 16:22:46 UTC
Hmm, OK, there's no record of the request in the heat-engine log, so it must be failing in heat-api but the logs for that don't offer any more clues other than that it returned a 403 Forbidden error. The keystone logs might conceivably help.

Comment 13 Zane Bitter 2016-08-16 17:12:31 UTC
Nothing out of the ordinary in the keystone logs either - the responses are not logged. We're going to need help from somebody who knows how all of this is supposed to work.

Comment 16 Thomas Hervé 2016-09-02 19:08:22 UTC
I found the issue, it relies in Aodh: you have to use the v3 API to request the trust token, otherwise I believe it's ignored. Before the refactoring of keystoneauth, we used to force v3 by doing replace('v2.0', 'v3') on the URL, which is ugly but works.

We have to restore such a hack I belive if we want to continue supporting v2.0 in OSP 9.

It's also possible that we can reconfigure aodh with Keystone v3, but I don't know how, especially if we have to support upgrades.

Comment 17 Steve Baker 2016-09-05 03:53:34 UTC
Could it be that this upstream change will configure Aodh with v3?

Comment 18 Steve Baker 2016-09-07 22:03:59 UTC
I'm going to mark this as a duplicate of bug 1364052. Can you please test when that fix is available? If it doesn't fix this issue then this bug can be de-duped

*** This bug has been marked as a duplicate of bug 1364052 ***