Skip to content
This repository has been archived by the owner. It is now read-only.

OpenStack modules don't work with cloud specified auth #5250

Closed
jackivanov opened this issue Oct 13, 2016 · 8 comments

Comments

Projects
None yet
4 participants
@jackivanov
Copy link

commented Oct 13, 2016

ISSUE TYPE
  • Bug Report
COMPONENT NAME

os_keystone_service, os_user, etc..

ANSIBLE VERSION
ansible 2.2.0
  config file = 
  configured module search path = Default w/o overrides
CONFIGURATION
[defaults]
hostfile = hosts
host_key_checking = False
retry_files_enabled = False
#deprecation_warnings=False
#display_skipped_hosts=False

[paramiko_connection]
record_host_keys = False

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null  -o IdentitiesOnly=yes
SUMMARY

I get an error with modules for OpenStack. openstack cli works well with the same parameters

STEPS TO REPRODUCE
- os_keystone_service:
    cloud: local_bypass
    state: present
    name: keystone
    service_type: identity
    description: 'OpenStack Identity'
[root@domain ~]# cat /etc/openstack/clouds.yaml 
clouds:
  local_bypass:
    auth_type: token_endpoint
    identity_api_version: 3
    auth:
      token: QWESDFwse423fs
      url: http://domain.com:35357/v3
EXPECTED RESULTS

Create a service suceffull

ACTUAL RESULTS
fatal: [domain.com]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "api_timeout": null, 
            "auth": null, 
            "auth_type": null, 
            "availability_zone": null, 
            "cacert": null, 
            "cert": null, 
            "cloud": "local_bypass", 
            "description": "OpenStack Identity", 
            "enabled": true, 
            "endpoint_type": "public", 
            "key": null, 
            "name": "keystone", 
            "region_name": null, 
            "service_type": "identity", 
            "state": "present", 
            "timeout": 180, 
            "verify": true, 
            "wait": true
        }, 
        "module_name": "os_keystone_service"
    }, 
    "msg": "Problem with auth parameters"
}

but with openstack-cli it works well

# openstack --os-cloud local_bypass service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | c70acc58b250421d8084c2a26f358e88 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
@jackivanov

This comment has been minimized.

Copy link
Author

commented Oct 13, 2016

The same behavior if use credentials directly in the module:

- os_keystone_service:
    auth_type: token_endpoint
    auth:
      token: QWESDFwse423fs
      url: http://domain.com:35357/v3
    state: present
    name: keystone
    service_type: identity
    description: 'OpenStack Identity'
fatal: [domain.com]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "api_timeout": null, 
            "auth": {
                "token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "url": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
            }, 
            "auth_type": "token_endpoint", 
            "availability_zone": null, 
            "cacert": null, 
            "cert": null, 
            "cloud": null, 
            "description": "OpenStack Identity", 
            "enabled": true, 
            "endpoint_type": "public", 
            "key": null, 
            "name": "keystone", 
            "region_name": null, 
            "service_type": "identity", 
            "state": "present", 
            "timeout": 180, 
            "verify": true, 
            "wait": true
        }, 
        "module_name": "os_keystone_service"
    }, 
    "msg": "Problem with auth parameters"
}

@jackivanov jackivanov closed this Oct 13, 2016

@jackivanov jackivanov reopened this Oct 13, 2016

@ansibot

This comment has been minimized.

Copy link

commented Oct 13, 2016

@emonty, @Shrews, @juliakreger, @j2sol, @rcarrillocruz, ping. This issue is waiting on your response.
click here for bot help

@emonty

This comment has been minimized.

Copy link
Contributor

commented Oct 24, 2016

Made a patch here:
https://review.openstack.org/390148

token_endpoint isn't actually a valid auth plugin - it is a python-openstackclient specific thing. However, it's still a pretty crappy experience for the user to hit against that - so I think making os-client-config do what you meant there is fair.

@ansibot

This comment has been minimized.

Copy link

commented Oct 29, 2016

@emonty, @Shrews, @juliakreger, @j2sol, @rcarrillocruz, ping. This issue is still waiting on your response.
click here for bot help

openstack-gerrit pushed a commit to openstack/os-client-config that referenced this issue Oct 31, 2016

Support token_endpoint as an auth_type
For backwards compat with what operators have been trained to do, map
token_endpoint to admin_token for them. This has shown up a few times in
the wild. Most recently:

ansible/ansible-modules-core#5250

Change-Id: Ie083381e7fda19e016b6425939bd3c2dc260fa9b
@ansibot

This comment has been minimized.

Copy link

commented Nov 13, 2016

@emonty, @Shrews, @juliakreger, @j2sol, @rcarrillocruz, ping. This issue is still waiting on your response.
click here for bot help

@ansibot ansibot added the openstack label Nov 18, 2016

@ansibot

This comment has been minimized.

Copy link

commented Nov 29, 2016

@emonty, @Shrews, @juliakreger, @j2sol, @rcarrillocruz, @Thingee, ping. This issue is still waiting on your response.
click here for bot help

@ansibot

This comment has been minimized.

Copy link

commented Dec 7, 2016

This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible

Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo.

@Thingee

This comment has been minimized.

Copy link

commented Dec 21, 2016

This issue was moved to ansible/ansible#19617

@ansibot ansibot closed this Jan 2, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.