hi,all
My env is contrail3.0 + openstack M
I encounter an issue which is similar to
https://bugs.launchpad.net/opencontrail/+bug/1590790
when I remove all the security groups of a VM.
If this is not the first time, in another hand, when I remove security
groups if the __no_rule__ security is already exist,the operation would be
failed and raise RefsExistError
this is because,the request without admin role there is no permission to
read __no_rule__ security, and then attempt to create it which already exist.
In fact, the tenant has the admin role.
the contrail2.20 there is no the issue,so I check the code I found this is
because we disable auth=keystone in contrail-api.conf and 'HTTP_X_ROLE'
Deprecated in Mitaka of openstack.
disable auth=keystone,in contrail2.20 would add 'admin' role into the
header for all requests to see all resources (those code is delete in
contrail3.0)
enable auth=keystone,while auth_middleware.get_admin_token() raise
AttributeError: 'AuthProtocol' object has no attribute 'get_admin_token'
So,
1. how can I fix the issue while diable auth in contrail-api.conf ?
2. if enable auth=keystone, how to integrate with Mitaka ?
any help would be appreciated
Keyang Li
l...@certusnet.com.cn
_______________________________________________
Dev mailing list
Dev@lists.opencontrail.org
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org
