[Bug 2086520] Re: Heat Appends Duplicate '/v3' to Keystone Endpoint URL, Causing Authorization Failure

sowmya 2086520 at bugs.launchpad.net
Fri Nov 15 08:18:52 UTC 2024


Fix has been merged into the upstream repository:
https://review.opendev.org/c/openstack/heat/+/933986

** Changed in: heat (Ubuntu)
     Assignee: (unassigned) => sowmya (sowmya.nethi)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to heat in Ubuntu.
https://bugs.launchpad.net/bugs/2086520

Title:
  Heat Appends Duplicate '/v3' to Keystone Endpoint URL, Causing
  Authorization Failure

Status in heat package in Ubuntu:
  New

Bug description:
  Description
  ==========
  Heat erroneously appends /v3 to the Keystone endpoint URL, even when the version is already included, resulting in a malformed URL and subsequent communication issues.

  When creating a Kubernetes cluster using Magnum, the VMs created as
  part of the Heat stack attempt to communicate with the Keystone URL,
  which is determined by the server_keystone_endpoint_type setting in
  heat.conf. The issue arises in the file
  heat/engine/clients/os/keystone/heat_keystoneclient.py, where the
  Keystone URL is fetched from the service catalog. The following code
  snippet demonstrates the problem:

  def server_keystone_endpoint_url(self, fallback_endpoint):
      ks_endpoint_type = cfg.CONF.server_keystone_endpoint_type
      if (ks_endpoint_type in ['public', 'internal', 'admin']):
          if (hasattr(self.context, 'auth_plugin') and
                  hasattr(self.context.auth_plugin, 'get_access')):
              try:
                  auth_ref = self.context.auth_plugin.get_access(self.session)
                  if hasattr(auth_ref, "service_catalog"):
                      unversioned_sc_auth_uri = (
                          auth_ref.service_catalog.get_urls(
                              service_type='identity',
                              interface=ks_endpoint_type))
                      if len(unversioned_sc_auth_uri) > 0:
                          sc_auth_uri = (
                              unversioned_sc_auth_uri[0] + "/v3")
                          return sc_auth_uri

  The issue leads to the Heat stack creation process failing, as the VMs
  try to connect to a Keystone URL with a duplicated /v3, resulting in
  authorization errors. The following error message is logged in the VM:

  Sep 30 05:19:40 new-cluster1-taypswwfmte6-master-0 heat-container-agent[2624]: Authorization failed: Not Found (HTTP 404) (Request-ID: req-108d6dda-f180-493a-ba10-4afb59ecfd56)
  Sep 30 05:19:40 new-cluster1-taypswwfmte6-master-0 podman[2605]: /var/lib/os-collect-config/local-data not found. Skipping

  This issue specifically occurs when the Keystone endpoint URL already
  ends with /v3.

  Here is the commit : https://opendev.org/openstack/heat/commit/c79e1db

  Steps to Reproduce
  ===============
  Create or deploy a Kubernetes cluster using Magnum. 
  Below are the commands for template and cluster creation
  1. openstack coe cluster template create new-cluster-template1 \
            --image magnum-fedora-coreos-40  \
            --external-network  PUBLICNET \
            --dns-nameserver 8.8.8.8 \
            --master-flavor gp.0.4.8 \
            --flavor gp.0.4.8  \
            --network-driver calico \
            --volume-driver cinder \
            --docker-volume-size 3 \
            --coe kubernetes

  2. openstack coe cluster create new-cluster1 \
            --cluster-template new-cluster-template1 \
            --master-count 1 \
            --node-count 1 \
            --master-flavor gp.0.4.8 --keypair test-mykey --labels kube_tag=v1.27.8-rancher2,container_runtime=containerd,containerd_version=1.6.28,containerd_tarball_sha256=f70736e52d61e5ad225f4fd21643b5ca1220013ab8b6c380434caeefb572da9b,cloud_provider_tag=v1.27.3,cinder_csi_plugin_tag=v1.27.3,k8s_keystone_auth_tag=v1.27.3,magnum_auto_healer_tag=v1.27.3,octavia_ingress_controller_tag=v1.27.3,calico_tag=v3.26.4

  Expected Result
  ===========
  The cluster creation process is successful without any errors.

  Actual Result
  ===========
  Cluster creation fails due to the VM's inability to communicate with the malformed Keystone URL containing duplicate /v3.

  Environment
  ===========
  OpenStack Heat 2024.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heat/+bug/2086520/+subscriptions




More information about the Ubuntu-openstack-bugs mailing list