Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1364052 - Fix trust notifier
Summary: Fix trust notifier
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-aodh
Version: 9.0 (Mitaka)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: async
: 9.0 (Mitaka)
Assignee: Mehdi ABAAKOUK
QA Contact: Yurii Prokulevych
URL:
Whiteboard:
: 1363888 1367138 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-04 11:45 UTC by Yurii Prokulevych
Modified: 2016-09-21 14:09 UTC (History)
9 users (show)

Fixed In Version: openstack-aodh-2.0.5-1.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-21 14:09:17 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenStack gerrit 365640 None None None 2016-09-06 07:53:08 UTC
OpenStack gerrit 368068 None None None 2016-09-09 15:04:17 UTC
Launchpad 1620499 None None None 2016-09-06 07:52:24 UTC
Red Hat Product Errata RHBA-2016:1915 normal SHIPPED_LIVE Red Hat OpenStack Platform 9 Bug Fix and Enhancement Advisory 2016-09-21 18:07:25 UTC

Description Yurii Prokulevych 2016-08-04 11:45:34 UTC
Description of problem:
-----------------------
The keystone methods to get a client with a trust is broken, and simply use service credentials while ignoring the trust. We can't load the options directly from the configuration, we need to build a auth plugin manually.

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
openstack-aodh-evaluator-2.0.3-2.el7ost.noarch
python-aodh-2.0.3-2.el7ost.noarch
openstack-aodh-notifier-2.0.3-2.el7ost.noarch
openstack-aodh-common-2.0.3-2.el7ost.noarch
openstack-aodh-api-2.0.3-2.el7ost.noarch
openstack-aodh-listener-2.0.3-2.el7ost.noarch
python-aodhclient-0.5.0-1.el7ost.noarch

Comment 1 Eoghan Glynn 2016-08-05 13:18:53 UTC
*** Bug 1363888 has been marked as a duplicate of this bug. ***

Comment 2 Mehdi ABAAKOUK 2016-08-05 13:45:18 UTC
State of this:
* We backport the workaround about keystoneauth ignoring the trust_id https://review.openstack.org/#/c/351029/
* We make this backport working when auth-type = password-aodh-legacy https://review.openstack.org/#/c/351068/
* We test it upstream in our gate integration job: https://review.openstack.org/#/c/351221/ (It works but auth-type = password)

Now that still won't work with aodh configured by OSPd, so something else occurs or the fix https://review.openstack.org/#/c/351068/ don't work as expected.

Comment 4 Julien Danjou 2016-08-12 13:02:20 UTC
If the fixes are good enough, updating the package to Aodh 2.0.4 (which has the backports Mehdi did) should be enough.

The upstream release is being pushed at https://review.openstack.org/354712

Once that's done, the package can be updated.

Comment 8 Mehdi ABAAKOUK 2016-09-06 07:55:15 UTC
We need to wait next 2.0.5 upstream release once https://review.openstack.org/#/c/365640/ have been merged.

Comment 9 Steve Baker 2016-09-07 22:03:59 UTC
*** Bug 1367138 has been marked as a duplicate of this bug. ***

Comment 10 Mehdi ABAAKOUK 2016-09-12 07:24:26 UTC
2.0.5 will be released upstream soon, with the fix https://review.openstack.org/#/c/368068/

Comment 12 Yurii Prokulevych 2016-09-15 15:27:20 UTC
Verified with packages:
-----------------------
openstack-aodh-api-2.0.5-1.el7ost.noarch
openstack-aodh-evaluator-2.0.5-1.el7ost.noarch
openstack-aodh-common-2.0.5-1.el7ost.noarch
openstack-aodh-listener-2.0.5-1.el7ost.noarch
python-aodh-2.0.5-1.el7ost.noarch
openstack-aodh-notifier-2.0.5-1.el7ost.noarch

Alarm actions :
---------------
'trust+http://a743e2562d8f4e9aa368b8cf1c418c01:delete@192.0.2.15:8004/v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaledown_policy/signal'

'trust+http://ae8e6d2e1d7b4fddb6e28aafbc6af713:delete@192.0.2.15:8004/v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaleup_policy/signal'

Excerpt from heat-api.log:
--------------------------


2016-09-15 14:54:06.905 4658 INFO eventlet.wsgi.server [req-9db24e1a-a5da-4bec-90e2-9994b3732c3b - admin - default default] 192.0.2.19 - - [15/Sep/2016 14:54:06] "POST /v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaleup_policy/signal HTTP/1.1" 200 192 0.654613
...
2016-09-15 15:22:08.930 9816 INFO eventlet.wsgi.server [req-da17452d-015d-4d0a-b63a-e765c033d8b1 - admin - default default] 192.0.2.19 - - [15/Sep/2016 15:22:08] "POST /v1/0848f706d3f54bd1ae6c49770be6927c/stacks/my-stack/9399c2a8-7714-4251-a5cc-79cb9872f746/resources/web_server_scaledown_policy/signal HTTP/1.1" 200 192 0.562805

Comment 14 errata-xmlrpc 2016-09-21 14:09:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1915.html


Note You need to log in before you can comment on or make changes to this bug.