[Yahoo-eng-team] [Bug 1501672] Re: v2 image download returns 403 when 'get_image_locations' policy set
** Changed in: glance Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1501672 Title: v2 image download returns 403 when 'get_image_locations' policy set Status in Glance: Fix Released Status in Glance kilo series: In Progress Bug description: when get_image_location is set role:admin a regular users sees: $ glance --os-image-api-version 2 image-download 33fd3f1a-4924-4078-9d57-d7f6db4d015b 403 Forbidden: You are not authorized to complete this action. (HTTP 403) v1 works ok. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1501672/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503974] [NEW] no such option: consoleauth_topic
Public bug reported: [gongysh@fedora22 nova]$ /usr/bin/nova-consoleauth --config-file /etc/nova/nova.conf No handlers could be found for logger "oslo_config.cfg" 2015-10-08 14:25:50.996 31923 CRITICAL nova [-] NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova Traceback (most recent call last): 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/bin/nova-consoleauth", line 10, in 2015-10-08 14:25:50.996 31923 ERROR nova sys.exit(main()) 2015-10-08 14:25:50.996 31923 ERROR nova File "/mnt/data3/opt/stack/nova/nova/cmd/consoleauth.py", line 40, in main 2015-10-08 14:25:50.996 31923 ERROR nova topic=CONF.consoleauth_topic) 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1902, in __getattr__ 2015-10-08 14:25:50.996 31923 ERROR nova raise NoSuchOptError(name) 2015-10-08 14:25:50.996 31923 ERROR nova NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1503974 Title: no such option: consoleauth_topic Status in OpenStack Compute (nova): New Bug description: [gongysh@fedora22 nova]$ /usr/bin/nova-consoleauth --config-file /etc/nova/nova.conf No handlers could be found for logger "oslo_config.cfg" 2015-10-08 14:25:50.996 31923 CRITICAL nova [-] NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova Traceback (most recent call last): 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/bin/nova-consoleauth", line 10, in 2015-10-08 14:25:50.996 31923 ERROR nova sys.exit(main()) 2015-10-08 14:25:50.996 31923 ERROR nova File "/mnt/data3/opt/stack/nova/nova/cmd/consoleauth.py", line 40, in main 2015-10-08 14:25:50.996 31923 ERROR nova topic=CONF.consoleauth_topic) 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1902, in __getattr__ 2015-10-08 14:25:50.996 31923 ERROR nova raise NoSuchOptError(name) 2015-10-08 14:25:50.996 31923 ERROR nova NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1503974/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503975] [NEW] no such option: consoleauth_topic
Public bug reported: [gongysh@fedora22 nova]$ /usr/bin/nova-consoleauth --config-file /etc/nova/nova.conf No handlers could be found for logger "oslo_config.cfg" 2015-10-08 14:25:50.996 31923 CRITICAL nova [-] NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova Traceback (most recent call last): 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/bin/nova-consoleauth", line 10, in 2015-10-08 14:25:50.996 31923 ERROR nova sys.exit(main()) 2015-10-08 14:25:50.996 31923 ERROR nova File "/mnt/data3/opt/stack/nova/nova/cmd/consoleauth.py", line 40, in main 2015-10-08 14:25:50.996 31923 ERROR nova topic=CONF.consoleauth_topic) 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1902, in __getattr__ 2015-10-08 14:25:50.996 31923 ERROR nova raise NoSuchOptError(name) 2015-10-08 14:25:50.996 31923 ERROR nova NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova ** Affects: nova Importance: Undecided Assignee: yong sheng gong (gongysh) Status: In Progress ** Changed in: nova Assignee: (unassigned) => yong sheng gong (gongysh) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1503975 Title: no such option: consoleauth_topic Status in OpenStack Compute (nova): In Progress Bug description: [gongysh@fedora22 nova]$ /usr/bin/nova-consoleauth --config-file /etc/nova/nova.conf No handlers could be found for logger "oslo_config.cfg" 2015-10-08 14:25:50.996 31923 CRITICAL nova [-] NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova Traceback (most recent call last): 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/bin/nova-consoleauth", line 10, in 2015-10-08 14:25:50.996 31923 ERROR nova sys.exit(main()) 2015-10-08 14:25:50.996 31923 ERROR nova File "/mnt/data3/opt/stack/nova/nova/cmd/consoleauth.py", line 40, in main 2015-10-08 14:25:50.996 31923 ERROR nova topic=CONF.consoleauth_topic) 2015-10-08 14:25:50.996 31923 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1902, in __getattr__ 2015-10-08 14:25:50.996 31923 ERROR nova raise NoSuchOptError(name) 2015-10-08 14:25:50.996 31923 ERROR nova NoSuchOptError: no such option: consoleauth_topic 2015-10-08 14:25:50.996 31923 ERROR nova To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1503975/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1419047] Re: Error on nova compute on Power
[Expired for OpenStack Compute (nova) because there has been no activity for 60 days.] ** Changed in: nova Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1419047 Title: Error on nova compute on Power Status in OpenStack Compute (nova): Expired Bug description: I'm trying to deploy OpenStack in a Power 8 server on a single node. I've created 1 VM for MAAS, 1 VM for juju bootstrap and 4 VMs to use them as compute, ceph and to hold all the OpenStack services. I've deployed OpenStack and everything seemed to work fine, however, I don't see any hypervisor. When I check into the nova logs I find: 2015-02-06 11:36:25.499 54731 TRACE nova.openstack.common.threadgroup libvirtError: XML error: Missing CPU model name 2015-02-06 13:08:29.419 66757 TRACE nova.openstack.common.threadgroup File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 2885, in get_host_capabilities 2015-02-06 13:08:29.419 66757 TRACE nova.openstack.common.threadgroup libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1419047/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503947] [NEW] firewall rule creation doesn't support ip version option on Horizon screen
Public bug reported: There is no item to enter the "ip version" in the rule creation screen of Firewall. - Image attached . Therefore , even if you enter the address of IPv6 to make rules, their "ip version" will be 4 . c.f. neutron firewall-rule-show: http://paste.openstack.org/show/475677/ In addition , there is no item of "ip version" also in the screen that displays the rules of detail. ** Affects: horizon Importance: Undecided Assignee: Reedip (reedip-banerjee) Status: New ** Tags: neutron ** Attachment added: "Screenshot from 2015-09-28 10:39:12.png" https://bugs.launchpad.net/bugs/1503947/+attachment/4488132/+files/Screenshot%20from%202015-09-28%2010%3A39%3A12.png ** Description changed: There is no item to enter the "ip version" in the rule creation screen of Firewall. - Image attached . Therefore , even if you enter the address of IPv6 to make rules, their - "ip version" will is 4 . + "ip version" will be 4 . c.f. neutron firewall-rule-show: http://paste.openstack.org/show/475677/ - - In addition , there is no item of "ip version" also in the screen that displays the rules of detail. + In addition , there is no item of "ip version" also in the screen that + displays the rules of detail. ** Summary changed: - firewall-rule-create doesn't support IPv6 + firewall rule create doesn't support IPv6 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1503947 Title: firewall rule creation doesn't support ip version option on Horizon screen Status in OpenStack Dashboard (Horizon): New Bug description: There is no item to enter the "ip version" in the rule creation screen of Firewall. - Image attached . Therefore , even if you enter the address of IPv6 to make rules, their "ip version" will be 4 . c.f. neutron firewall-rule-show: http://paste.openstack.org/show/475677/ In addition , there is no item of "ip version" also in the screen that displays the rules of detail. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1503947/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503890] [NEW] test_policy assumes oslo.policy internal implementationd details
Public bug reported: Neutron assumes that oslo.policy uses urlrequest.urlopen() http://git.openstack.org/cgit/openstack/neutron/tree/neutron/tests/unit/test_policy.py#n108 http://git.openstack.org/cgit/openstack/neutron/tree/neutron/tests/unit/test_policy.py#n121 Unfortunately this assumption is bad as oslo.policy is now using requests.post() https://review.openstack.org/#/c/226122/ So these 2 tests will fail when we release next oslo.policy version for Mitaka ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503890 Title: test_policy assumes oslo.policy internal implementationd details Status in neutron: New Bug description: Neutron assumes that oslo.policy uses urlrequest.urlopen() http://git.openstack.org/cgit/openstack/neutron/tree/neutron/tests/unit/test_policy.py#n108 http://git.openstack.org/cgit/openstack/neutron/tree/neutron/tests/unit/test_policy.py#n121 Unfortunately this assumption is bad as oslo.policy is now using requests.post() https://review.openstack.org/#/c/226122/ So these 2 tests will fail when we release next oslo.policy version for Mitaka To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503890/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503862] [NEW] VPNaaS: Enhance error checking on subnet changes
Public bug reported: Currently, if the CIDR of a subnet changes, and that subnet is used by VPN, there is no checking performed. Should add a notification for subnet CIDR changes and either block the change, if in use by VPN service/endpoint group, or to cause a sync operation in VPN so that existing connections are updated (if possible). I'm not sure which would be better. Need to ensure that we don't disrupt any existing IPSec connections that have not changed. Need to ensure this supports the new endpoint group capability for VPNaaS, where local subnets are specified in endpoint groups (versus the older method of a sole subnet being associated with a VPN service). ** Affects: neutron Importance: Undecided Status: New ** Tags: vpnaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503862 Title: VPNaaS: Enhance error checking on subnet changes Status in neutron: New Bug description: Currently, if the CIDR of a subnet changes, and that subnet is used by VPN, there is no checking performed. Should add a notification for subnet CIDR changes and either block the change, if in use by VPN service/endpoint group, or to cause a sync operation in VPN so that existing connections are updated (if possible). I'm not sure which would be better. Need to ensure that we don't disrupt any existing IPSec connections that have not changed. Need to ensure this supports the new endpoint group capability for VPNaaS, where local subnets are specified in endpoint groups (versus the older method of a sole subnet being associated with a VPN service). To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503862/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503852] [NEW] Do not use SQL IN on empty sequence
Public bug reported: According to a log warning[1] and logstash[2], neutron uses SQL IN operator on an empty list: SAWarning: The IN-predicate on "ports.id" was invoked with an empty sequence. This results in a contradiction, which nonetheless can be expensive to evaluate. Consider alternative strategies for improved performance.' which seems to have an effect on performance. [1] http://logs.openstack.org/82/228582/13/check/gate-neutron-python34/5b36c34/console.html [2] http://logstash.openstack.org/#eyJzZWFyY2giOiJtZXNzYWdlOiBcIlNBV2FybmluZzogVGhlIElOLXByZWRpY2F0ZSBvbiBcIiBBTkQgbWVzc2FnZTogXCJ3YXMgaW52b2tlZCB3aXRoIGFuIGVtcHR5IHNlcXVlbmNlXCIgQU5EIHByb2plY3Q6IFwib3BlbnN0YWNrL25ldXRyb25cIiIsImZpZWxkcyI6W10sIm9mZnNldCI6MCwidGltZWZyYW1lIjoiMTcyODAwIiwiZ3JhcGhtb2RlIjoiY291bnQiLCJ0aW1lIjp7InVzZXJfaW50ZXJ2YWwiOjB9LCJzdGFtcCI6MTQ0NDI0NzYwOTI4NH0= ** Affects: neutron Importance: Undecided Status: New ** Tags: db -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503852 Title: Do not use SQL IN on empty sequence Status in neutron: New Bug description: According to a log warning[1] and logstash[2], neutron uses SQL IN operator on an empty list: SAWarning: The IN-predicate on "ports.id" was invoked with an empty sequence. This results in a contradiction, which nonetheless can be expensive to evaluate. Consider alternative strategies for improved performance.' which seems to have an effect on performance. [1] http://logs.openstack.org/82/228582/13/check/gate-neutron-python34/5b36c34/console.html [2] http://logstash.openstack.org/#eyJzZWFyY2giOiJtZXNzYWdlOiBcIlNBV2FybmluZzogVGhlIElOLXByZWRpY2F0ZSBvbiBcIiBBTkQgbWVzc2FnZTogXCJ3YXMgaW52b2tlZCB3aXRoIGFuIGVtcHR5IHNlcXVlbmNlXCIgQU5EIHByb2plY3Q6IFwib3BlbnN0YWNrL25ldXRyb25cIiIsImZpZWxkcyI6W10sIm9mZnNldCI6MCwidGltZWZyYW1lIjoiMTcyODAwIiwiZ3JhcGhtb2RlIjoiY291bnQiLCJ0aW1lIjp7InVzZXJfaW50ZXJ2YWwiOjB9LCJzdGFtcCI6MTQ0NDI0NzYwOTI4NH0= To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503852/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503847] [NEW] Python34 test failures in gate - Logging Error
Public bug reported: I am seeing "gate-neutron-python34" test failures again in neutron. http://logs.openstack.org/82/228582/13/check/gate-neutron- python34/5b36c34/console.html http://logs.openstack.org/82/228582/13/check/gate-neutron- python34/5b36c34/console.html#_2015-10-07_17_36_06_987 ** Affects: neutron Importance: Undecided Status: New ** Tags: py34 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503847 Title: Python34 test failures in gate - Logging Error Status in neutron: New Bug description: I am seeing "gate-neutron-python34" test failures again in neutron. http://logs.openstack.org/82/228582/13/check/gate-neutron- python34/5b36c34/console.html http://logs.openstack.org/82/228582/13/check/gate-neutron- python34/5b36c34/console.html#_2015-10-07_17_36_06_987 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503847/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1476770] Re: _translate_from_glance fails with "AttributeError: id" in grenade
** Changed in: python-glanceclient Status: Fix Released => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1476770 Title: _translate_from_glance fails with "AttributeError: id" in grenade Status in Glance: Invalid Status in OpenStack-Gate: Fix Committed Status in oslo.vmware: Fix Released Status in python-glanceclient: New Bug description: http://logs.openstack.org/28/204128/2/check/gate-grenade- dsvm/80607dc/logs/old/screen-n-api.txt.gz?level=TRACE 2015-07-21 17:05:37.447 ERROR nova.api.openstack [req-9854210d-b9fc-47ff-9f00-1a0270266e2a tempest-ServersTestJSON-34270062 tempest-ServersTestJSON-745803609] Caught error: id 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack Traceback (most recent call last): 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/__init__.py", line 125, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return req.get_response(self.application) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1317, in send 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack application, catch_exc_info=False) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1281, in call_application 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack app_iter = application(self.environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 634, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self._call_app(env, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 554, in _call_app 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self._app(env, _fake_start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/routes/middleware.py", line 136, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack response = self.app(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 130, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 195, in call_func 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self.func(req, *args, **kwargs) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 756, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack content_type, body, accept) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 821, in _process_stack 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack action_result = self.dispatch(meth, request, action_args) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 911, in dispatch 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return method(req=request, **action_args) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/compute/servers.py", line 636, in create 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack self._handle_create_exception(*sys.exc_info()) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/compute/serve
[Yahoo-eng-team] [Bug 1503712] Re: Error while deleting tenant in openstack Juno
I'm going to assume you're on a stable/kilo or older release of Keystone, but I'll refer to master's setup.cfg as well. If you got that configuration value from documentation somewhere, then we need to re- open this as a doc bug. Basically, you've set the trust driver to be a revocation driver, which can't be expected to work. The only supported backend driver for trusts is keystone.trust.backends.sql.Trust: https://github.com/openstack/keystone/blob/stable/kilo/etc/keystone.conf.sample#L1733 https://github.com/openstack/keystone/blob/01b5a711c3056a54e138f73ff5f78ff1827655ea/setup.cfg#L155-L156 Whereas you have a value intended to be used as a [revoke] driver: https://github.com/openstack/keystone/blob/stable/kilo/etc/keystone.conf.sample#L1495 https://github.com/openstack/keystone/blob/01b5a711c3056a54e138f73ff5f78ff1827655ea/setup.cfg#L172 ** Changed in: keystone Status: Incomplete => Invalid ** Tags removed: kestone -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1503712 Title: Error while deleting tenant in openstack Juno Status in Keystone: Invalid Bug description: Hi, When I'm trying to delete project with keystone: keystone tenant-delete radomirProject I get this error in keystone.log 2015-10-07 16:28:49.132 2465 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "POST /v2.0/tokens HTTP/1.1" 200 2494 0.091314 2015-10-07 16:28:49.154 2455 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "GET /v2.0/tenants/12a876bf668240de8bff9d9869bb4334 HTTP/1.1" 200 263 0.011250 2015-10-07 16:28:49.182 2455 ERROR keystone.common.wsgi [-] 'Revoke' object has no attribute 'list_trusts_for_trustee' 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi Traceback (most recent call last): 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__ 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi result = method(context, **params) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 135, in delete_project 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi self.assignment_api.delete_project(tenant_id) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 112, in wrapper 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi result = f(*args, **kwargs) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 150, in delete_project 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi self._emit_invalidate_user_project_tokens_notification(payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 124, in wrapper 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi public=self.public) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 254, in _send_notification 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi notify_event_callbacks(service, resource_type, operation, payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 204, in notify_event_callbacks 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi cb(service, resource_type, operation, payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/token/provider.py", line 516, in _delete_user_project_tokens_callback 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi project_id=project_id) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/token/persistence/core.py", line 167, in delete_tokens_for_user 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi for trust in self.trust_api.list_trusts_for_trustee(user_id): 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 74, in __getattr__ 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi f = getattr(self.driver, name) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi AttributeError: 'Revoke' object has no attribute 'list_trusts_for_trustee' 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1503712/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.
[Yahoo-eng-team] [Bug 1499856] Re: latest doa breaks with new db layout
** Changed in: horizon Status: Confirmed => Fix Released ** Changed in: django-openstack-auth Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1499856 Title: latest doa breaks with new db layout Status in django-openstack-auth: Fix Released Status in OpenStack Dashboard (Horizon): Fix Released Bug description: When upgrading to new horizon and doa, a mysql backed session engine sees this error: ERRORS: openstack_auth.User.keystone_user_id: (mysql.E001) MySQL does not allow unique CharFields to have a max_length > 255. To manage notifications about this bug go to: https://bugs.launchpad.net/django-openstack-auth/+bug/1499856/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1484196] Re: Re-enable test_firewall_insertion_mode_add_remove_router FwaaS test
Fix was committed during the Liberty cycle, with https://review.openstack.org/#/c/212145/ ** Changed in: neutron Status: New => Fix Committed ** Changed in: neutron Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1484196 Title: Re-enable test_firewall_insertion_mode_add_remove_router FwaaS test Status in neutron: Fix Released Bug description: After we resolve whatever is causing #1483875 https://review.openstack.org/#/c/211979/1 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1484196/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1491307] Re: [OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713)
** Changed in: ossa Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1491307 Title: [OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713) Status in OpenStack Compute (nova): Fix Released Status in OpenStack Security Advisory: Fix Released Bug description: I have an OpenStack kilo setup on RHEL7.1 with a controller and a compute node (network-compute + network-network),the config is following: # /etc/nova.nova.conf on contrller node [DEFAULT] network_api_class = nova.network.api.API security_group_api = nova # /etc/nova/nova.conf on compute node [DEFAULT] network_api_class = nova.network.api.API security_group_api = nova firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver network_manager = nova.network.manager.FlatDHCPManager network_size = 254 allow_same_net_traffic = False multi_host = True send_arp_for_ha = True share_dhcp_address = True force_dhcp_release = True flat_network_bridge = br100 flat_interface = eth0 public_interface = eth0 steps for test 1: 1) create and start VM instance-1 with secgroup default; 2) VM instance-1 ping br100: OK; 3) br100 ping VM instance-1: operation not permitted (because of no secgroup-rules for ICMP) 4) nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 5) br100 ping VM instance-1: i got the same wrong message, not expected. steps for test 2: 1) nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0; 2) create and start VM instance-2 with secgroup default; 3) br100 ping instance-2: OK It seems that command "nova secgroup-add-rule ..." doesn't work immediately for the existed or running VM instances? To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1491307/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1408591] Re: AttributeError: "'Instance' object has no attribute 'get_flavor'" when call compute_api.update
Closing. Like Melanie said, the compute/api::update() method was removed in this commit: https://github.com/openstack/nova/commit/01d28bcadd3db9255dd46138caa4bd31837baaf1 ** Changed in: nova Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1408591 Title: AttributeError: "'Instance' object has no attribute 'get_flavor'" when call compute_api.update Status in OpenStack Compute (nova): Invalid Bug description: In nova/notifications.py(370)info_from_instance(): The AttributeError: "'Instance' object has no attribute 'get_flavor'" throws on: instance_type = instance.get_flavor() The stacktrace is: -> self.compute_api.update(context, local_instance, **base_options) /usr/lib/python2.7/site-packages/nova/compute/api.py(235)wrapped() -> return func(self, context, target, *args, **kwargs) /usr/lib/python2.7/site-packages/nova/compute/api.py(1501)update() -> refs = self._update(context, instance, **kwargs) /usr/lib/python2.7/site-packages/nova/compute/api.py(1510)_update() -> instance_ref, service="api") /usr/lib/python2.7/site-packages/nova/notifications.py(146)send_update() -> old_display_name=old_display_name) /usr/lib/python2.7/site-packages/nova/notifications.py(226)_send_instance_update_notification() -> payload = info_from_instance(context, instance, None, None) > /usr/lib/python2.7/site-packages/nova/notifications.py(370)info_from_instance() -> instance_type = instance.get_flavor() I tried pass into the db instance and nova object instance, I believe this should be the defect. Please look into it. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1408591/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503755] [NEW] Admin with project-scoped token unable to grant, check, list, revoke roles for domain group/user
Public bug reported: Prerequisites: 1)Create group and user in some domain 2)Create some test role 3)Grant test role to domain group and to domain user Steps to reproduce: 1)Get project-scoped token for admin user (using API: http://address:port/v3/auth/tokens) with header "Content-Type: application/json" and body { "auth": { "identity": { "methods": ["password"], "password": { "user": {" "name": "admin", "domain": { "id": "default" }, "password": "adminpwd" } } }, "scope": { "project": { "name": "project_name", "domain": { "id": "default" } } } } } 2)Using token from step 1 (from header "X-Subject-Token") check role for domain group/user (HEAD type of request, API: http://address:port/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} and API: http://address:port/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}) with headers "Content-Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to check role for domain group/user Actual result: Admin with project-scoped can't check role for domain group/user - there is 403 HTTP code (Forbidden) and "No response received" in body of response 3)Using token from step 1 (from header "X-Subject-Token") list roles for domain group/user (HEAD type of request, API: http://address:port/v3/domains/{domain_id}/groups/{group_id}/roles and API: http://address:port/v3/domains/{domain_id}/users/{user_id}/roles) with headers "Content-Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to list roles for domain group/user Actual result: Admin with project-scoped can't list roles for domain group/user - there is 403 HTTP code (Forbidden) and following body of response: { "error": { "message": "You are not authorized to perform the requested action: identity:list_grants (Disable debug mode to suppress these details.)", "code": 403, "title": "Forbidden" } } But admin with domain-scoped token can check and list roles for domain group/user. And can check and list roles for project group/user. In policy.json are following: "admin_on_project_filter" : "rule:cloud_admin or (rule:admin_required and (project_id:%(scope.project.id)s or domain_id:%(target.project.domain_id)s))", "check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants", "list_grants": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants", ** Affects: keystone Importance: Undecided Status: New ** Description changed: Prerequisites: 1)Create group and user in some domain 2)Create some test role 3)Grant test role to domain group and to domain user Steps to reproduce: 1)Get project-scoped token for admin user (using API: http://address:port/v3/auth/tokens) with header "Content-Type: application/json" and body { "auth": { - "identity": { - "methods": ["password"], - "password": { - "user": {" - "name": "admin", - "domain": { "id": "default" }, - "password": "adminpwd" - } - } - }, - "scope": { - "project": { - "name": "project_name", - "domain": { "id": "default" } - } - } - } + "identity": { + "methods": ["password"], + "password": { + "user": {" + "name": "admin", + "domain": { "id": "default" }, + "password": "adminpwd" + } + } + }, + "scope": { + "project": { + "name": "project_name", + "domain": { "id": "default" } + } + } + } } 2)Using token from step 1 (from header "X-Subject-Token") check role for domain group/user (HEAD type of request, API: http://address:port/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} and API: http://address:port/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}) with headers "Content-Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to check role for domain group/user Actual result: Admin with project-scoped can't check role for domain group/user - there is 403 HTTP code (Forbidden) and "No response received" in body of response 3)Using token from step 1 (from header "X-Subject-Token") list roles for domain group/user (HEAD type of request, API: http://address:port/v3/domains/{domain_id}/groups/{group_id}/roles and API: http://address:port/v3/domains/{domain_id}/users/{user_id}/roles) with headers "Content-Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to list roles for domain group/user Actual result: Admin with project-scoped can't list roles for domain group/user - the
[Yahoo-eng-team] [Bug 1503750] [NEW] OVS agent may report AttributeError if db_get_val fails in port_bound()
Public bug reported: If db_get_val fails for some reason, it returns None, and then we get AttributeError when trying to call .update() on it. > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl > [req-f164f551-f0e9-4284-8e53-0ffd9591a21d - - - - -] Unable to execute > ['ovs-vsctl', '--timeout=10', '--oneline', '--format=json', '--', > '--columns=other_config', 'list', 'Port', u'tapb5c2c181-bb']. > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl Traceback (most recent call last): > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl File > "/usr/lib/python2.7/site-packages/neutron/agent/ovsdb/impl_vsctl.py", line > 63, in run_vsctl > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl log_fail_as_error=False).rstrip() > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl File > "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 158, in > execute > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl raise RuntimeError(m) > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl RuntimeError: > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl Command: ['ovs-vsctl', '--timeout=10', > '--oneline', '--format=json', '--', '--columns=other_config', 'list', 'Port', > u'tapb5c2c181-bb'] > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl Exit code: 1 > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.589 27560 > ERROR neutron.agent.ovsdb.impl_vsctl > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > [req-f164f551-f0e9-4284-8e53-0ffd9591a21d - - - - -] Error while processing > VIF ports > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > Traceback (most recent call last): > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File > "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", > line 1725, in rpc_loop > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > ovs_restarted) > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File > "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", > line 1451, in process_network_ports > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > devices_added_updated, ovs_restarted)) > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File > "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", > line 1342, in treat_devices_added_or_updated > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > ovs_restarted) > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File > "/usr/lib/python2.7/site-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", > line 1238, in treat_vif_port > /var/log/neutron/openvswitch-agent.log-20151007:2015-10-07 11:28:38.590 27560 > ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent > fixed_ips, device_owner, ovs_restarted) > /v
[Yahoo-eng-team] [Bug 1503741] [NEW] Admin with project-scoped token unable to list of users (got 401 HTTP Code)
Public bug reported: Steps to reproduce: 1)Get project-scoped token for admin user (using API: http://address:port/v3/auth/tokens) with header "Content-Type: application/json" and body { "auth": { "identity": { "methods": ["password"], "password": { "user": {" "name": "admin", "domain": { "id": "default" }, "password": "adminpwd" } } }, "scope": { "project": { "name": "project_name", "domain": { "id": "default" } } } } } 2)Using token from step 1 (from header "X-Subject-Token") get the list of users (API: http://address:port/v3/users) with headers "Content-Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to list users Actual result: Admin with project-scoped can't list users - there is 401 HTTP code and following body of response { "error": { "message": "The request you have made requires authentication. (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized" } } But admin with domain-scoped can list users. In policy.json is following rule for list_users: "rule:admin_required" ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1503741 Title: Admin with project-scoped token unable to list of users (got 401 HTTP Code) Status in Keystone: New Bug description: Steps to reproduce: 1)Get project-scoped token for admin user (using API: http://address:port/v3/auth/tokens) with header "Content-Type: application/json" and body { "auth": { "identity": { "methods": ["password"], "password": { "user": {" "name": "admin", "domain": { "id": "default" }, "password": "adminpwd" } } }, "scope": { "project": { "name": "project_name", "domain": { "id": "default" } } } } } 2)Using token from step 1 (from header "X-Subject-Token") get the list of users (API: http://address:port/v3/users) with headers "Content- Type: application/json" and "X-Auth-Token: token_from_step_1" Expected result: Admin with project-scoped should be able to list users Actual result: Admin with project-scoped can't list users - there is 401 HTTP code and following body of response { "error": { "message": "The request you have made requires authentication. (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized" } } But admin with domain-scoped can list users. In policy.json is following rule for list_users: "rule:admin_required" To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1503741/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503712] [NEW] Cannot delete tenant in openstack Juno
Public bug reported: Hi, When I'm trying to delete project with keystone: keystone tenant-delete radomirProject I get this error in keystone.log 2015-10-07 16:28:49.132 2465 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "POST /v2.0/tokens HTTP/1.1" 200 2494 0.091314 2015-10-07 16:28:49.154 2455 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "GET /v2.0/tenants/12a876bf668240de8bff9d9869bb4334 HTTP/1.1" 200 263 0.011250 2015-10-07 16:28:49.182 2455 ERROR keystone.common.wsgi [-] 'Revoke' object has no attribute 'list_trusts_for_trustee' 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi Traceback (most recent call last): 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__ 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi result = method(context, **params) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 135, in delete_project 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi self.assignment_api.delete_project(tenant_id) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 112, in wrapper 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi result = f(*args, **kwargs) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 150, in delete_project 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi self._emit_invalidate_user_project_tokens_notification(payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 124, in wrapper 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi public=self.public) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 254, in _send_notification 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi notify_event_callbacks(service, resource_type, operation, payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 204, in notify_event_callbacks 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi cb(service, resource_type, operation, payload) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/token/provider.py", line 516, in _delete_user_project_tokens_callback 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi project_id=project_id) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/token/persistence/core.py", line 167, in delete_tokens_for_user 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi for trust in self.trust_api.list_trusts_for_trustee(user_id): 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 74, in __getattr__ 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi f = getattr(self.driver, name) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi AttributeError: 'Revoke' object has no attribute 'list_trusts_for_trustee' 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi ** Affects: keystone Importance: Undecided Status: New ** Tags: kestone -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1503712 Title: Cannot delete tenant in openstack Juno Status in Keystone: New Bug description: Hi, When I'm trying to delete project with keystone: keystone tenant-delete radomirProject I get this error in keystone.log 2015-10-07 16:28:49.132 2465 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "POST /v2.0/tokens HTTP/1.1" 200 2494 0.091314 2015-10-07 16:28:49.154 2455 INFO eventlet.wsgi.server [-] 10.0.2.60 - - [07/Oct/2015 16:28:49] "GET /v2.0/tenants/12a876bf668240de8bff9d9869bb4334 HTTP/1.1" 200 263 0.011250 2015-10-07 16:28:49.182 2455 ERROR keystone.common.wsgi [-] 'Revoke' object has no attribute 'list_trusts_for_trustee' 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi Traceback (most recent call last): 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__ 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi result = method(context, **params) 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 135, in delete_project 2015-10-07 16:28:49.182 2455 TRACE keystone.common.wsgi self.a
[Yahoo-eng-team] [Bug 1503708] [NEW] InstanceV2 backports to V1 lack a context
Public bug reported: When we convert a V2 instance to a V1 instance, we don't provide it a context, which could, under some circumstances, cause a failure to lazy- load things we need to construct the older instance. ** Affects: nova Importance: High Assignee: Dan Smith (danms) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1503708 Title: InstanceV2 backports to V1 lack a context Status in OpenStack Compute (nova): In Progress Bug description: When we convert a V2 instance to a V1 instance, we don't provide it a context, which could, under some circumstances, cause a failure to lazy-load things we need to construct the older instance. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1503708/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1284986] Re: Filter of port details with field parameter as junk value is not throwing error
** Changed in: neutron Status: Incomplete => Confirmed ** Changed in: neutron Importance: Undecided => Medium ** Project changed: neutron => python-neutronclient ** Tags added: released-neutronclient -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1284986 Title: Filter of port details with field parameter as junk value is not throwing error Status in python-neutronclient: Confirmed Bug description: Description: neutron port-show would give us the details about particular port. When we filter the details of port by mentioning --field parameter, we get details of only mentioned field. When --field parameter value is given as junk, there is no error code and proper error message returned. Instead we get 200 as response code and improper error message Also if the junk field is mentioned along with one or more valid fields, it simply neglects the junk field as long as we give at least one valid field. Steps to reproduce: 1. Do neutron port-list and get list of ports to note ID of any one port 2. neutron port-show --field JUNK Actual Result: Response code 200 and Error message: "need more than 0 values to unpack" Expected Result: Must return 400 as response code as the request is a bad request. and Error message should be " The field parameter value entered is invalid" LOG: # A single invalid field REQ: curl -i http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a- ebe10d37deb9.json?fields=dedjfsdgfj -X GET -H "X-Auth-Token: " -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" RESP:{'date': 'Wed, 26 Feb 2014 05:22:08 GMT', 'status': '200', 'content-length': '12', 'content-type': 'application/json; charset=UTF-8', 'content-location': 'http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a- ebe10d37deb9.json?fields=dedjfsdgfj'} {"port": {}} need more than 0 values to unpack venkater@ravi-tempest-devstack2:~$ - # Interestingly it simply neglects a junk filed as long as you give at least one valid field! This holds even with more valid fields. curl -i http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a- ebe10d37deb9.json?fields=id&fields=dedjfsdgfj -X GET -H "X-Auth-Token: " -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" RESP:{'date': 'Wed, 26 Feb 2014 05:29:16 GMT', 'status': '200', 'content-length': '56', 'content-type': 'application/json; charset=UTF-8', 'content-location': 'http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a- ebe10d37deb9.json?fields=id&fields=dedjfsdgfj'} {"port": {"id": "023f2108-3524-47b3-aa5a-ebe10d37deb9"}} # Giving id , junk and another valid field curl -i http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a-ebe10d37deb9.json?fields=id&fields=nnnjsj&fields=name -X GET -H "X-Auth-Token: " -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" RESP:{'date': 'Wed, 26 Feb 2014 05:35:01 GMT', 'status': '200', 'content-length': '108', 'content-type': 'application/json; charset=UTF-8', 'content-location': 'http://127.0.0.1:9696/v2.0/ports/023f2108-3524-47b3-aa5a- ebe10d37deb9.json?fields=id&fields=nnnjsj&fields=name'} {"port": {"id": "023f2108-3524-47b3-aa5a-ebe10d37deb9", "name": "vip- 20da0078-e8e0-4ef8-9d65-a03e54850d45"}} To manage notifications about this bug go to: https://bugs.launchpad.net/python-neutronclient/+bug/1284986/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1213590] Re: Add support for Client_ID DHCP option
*** This bug is a duplicate of bug 1447105 *** https://bugs.launchpad.net/bugs/1447105 ** This bug has been marked a duplicate of bug 1447105 dhcp agent doesn't support client identifier option -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1213590 Title: Add support for Client_ID DHCP option Status in neutron: Incomplete Bug description: Add a a follow-up patch for Neutron Extra DHCP opts extension for setting Client ID. this will follow the patch https://review.openstack.org/#/c/30441/ ; Change-Id: I45fe7a16bc6c5975a765dd6a065558b9ba702e5b DHCP Server should be able to manage IP allocation based on Client ID instead of MAC. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1213590/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1209396] Re: dhcp-agent is too restrictive around metadata route injection
*** This bug is a duplicate of bug 1483939 *** https://bugs.launchpad.net/bugs/1483939 ** This bug has been marked a duplicate of bug 1483939 Allow host route injection of metadata server IP via DHCP -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1209396 Title: dhcp-agent is too restrictive around metadata route injection Status in neutron: Incomplete Bug description: When using the enable_isolated_metadata flag, if gateway-ip is set (implicitly or explicitly), dnsmasq will not inject the metadata route, presumably under the assumption that a subnet with a gateway will rely on the router owning the gateway IP to handle metadata routing. However, in our deployments we have found many valid use- cases for subnets with external routers but internal metadata via the metadata-agent. It seems that this scenario is exactly what "isolated metadata" should entail, but the current code checks for enable_isolated_metadata and that gateway-ip is not set. There is an awkward workaround to have an external gateway-ip and metadata route injection, by passing the defaultroute as a static host route, disabling the gateway-ip attribute and adjusting the allocation-pool to account for the gateway IP, like so: subnet-create --no-gateway --host-route \ destination=0.0.0.0/0,nexthop=x.x.x.1 --allocation-pool \ start=x.x.x.2,end=x.x.x.254 net1 x.x.x.0/24 Aside from the added complexity and administrative overhead of this workaround, it also fails entirely on certain images (such as the common Cirros image) using dhcp clients/configurations that don't understand the classless-static-route DHCP option, which is what --host-route uses, in addition to the metadata route injection. Given this limitation in such images, an acceptable compromise would be for at least the router-option to pass the default route always, and the metadata route to fail to be injected This gateway_ip check seems to be an unnecessary restriction. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1209396/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1261313] Re: prevent multiple neutron-netns-cleanup running simultaneously
It was actually the case since start: https://review.openstack.org/#/c/11651/ ** Changed in: neutron Status: Confirmed => Opinion ** Changed in: neutron Status: Opinion => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1261313 Title: prevent multiple neutron-netns-cleanup running simultaneously Status in neutron: Invalid Bug description: Debian Neutron has set a cron entry to invoke neutron-netns-cleanup every hour, in ordinary system, it works fine, but in our heavy stress test environment, I found there are over 10 neutron-netns-cleanup processes running. Can we introduce a lock which can prevent spawning new instance when there is already one running ? To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1261313/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1392527] Re: [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280)
** Changed in: ossa Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1392527 Title: [OSSA 2015-017] Deleting instance while resize instance is running leads to unuseable compute nodes (CVE-2015-3280) Status in OpenStack Compute (nova): New Status in OpenStack Compute (nova) juno series: Fix Committed Status in OpenStack Compute (nova) kilo series: Fix Committed Status in OpenStack Security Advisory: Fix Released Bug description: Steps to reproduce: 1) Create a new instance,waiting until it’s status goes to ACTIVE state 2) Call resize API 3) Delete the instance immediately after the task_state is “resize_migrated” or vm_state is “resized” 4) Repeat 1 through 3 in a loop I have kept attached program running for 4 hours, all instances created are deleted (nova list returns empty list) but I noticed instances directories with the name “_resize> are not deleted from the instance path of the compute nodes (mainly from the source compute nodes where the instance was running before resize). If I keep this program running for couple of more hours (depending on the number of compute nodes), then it completely uses the entire disk of the compute nodes (based on the disk_allocation_ratio parameter value). Later, nova scheduler doesn’t select these compute nodes for launching new vms and starts reporting error "No valid hosts found". Note: Even the periodic tasks doesn't cleanup these orphan instance directories from the instance path. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1392527/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1467560] Re: RFE: add instance uuid field to nova.quota_usages table
** Changed in: nova Status: Won't Fix => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1467560 Title: RFE: add instance uuid field to nova.quota_usages table Status in OpenStack Compute (nova): New Bug description: In Icehouse, the nova.quota_usages table frequently gets out-of-sync with the currently active/stopped instances in a tenant/project, specifically, there are times when the instance will be set to terminated/deleted in the instances table and the quota_usages table will retain the data, counting against the tenant's total quota. As far as I can tell there is no way to correlate instances.uuid with the records in nova.quota_usages. I propose adding an instance uuid column to make future cleanup of this table easier. I also propose a housecleaning task that does this clean up automatically. Thanks, Dan To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1467560/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1501672] Re: v2 image download returns 403 when 'get_image_locations' policy set
** Also affects: glance/kilo Importance: Undecided Status: New ** Changed in: glance/kilo Status: New => In Progress ** Changed in: glance/kilo Importance: Undecided => High -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1501672 Title: v2 image download returns 403 when 'get_image_locations' policy set Status in Glance: Fix Committed Status in Glance kilo series: In Progress Bug description: when get_image_location is set role:admin a regular users sees: $ glance --os-image-api-version 2 image-download 33fd3f1a-4924-4078-9d57-d7f6db4d015b 403 Forbidden: You are not authorized to complete this action. (HTTP 403) v1 works ok. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1501672/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1399706] Re: QoS on Juno with RBD backend dont work for VM
*** This bug is a duplicate of bug 1405367 *** https://bugs.launchpad.net/bugs/1405367 ** This bug has been marked a duplicate of bug 1405367 Rbd backend doesn't support disk IO qos -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1399706 Title: QoS on Juno with RBD backend dont work for VM Status in OpenStack Compute (nova): Confirmed Bug description: Hi, QoS for volume work with RBD but not for VM. So to solve this problem, you need to pass quota:disk_write_bytes_sec etc... extra parameters to VM. At ligne 645/usr/lib/python2.7/site- packages/nova/virt/libvirt/imagebackend.py add this at the end on the «libvirt_info» method add this extra code : Ex: def libvirt_info(self, disk_bus, disk_dev, device_type, cache_mode, extra_specs, hypervisor_version): ... if auth_enabled: info.auth_secret_type = 'ceph' info.auth_secret_uuid = CONF.libvirt.rbd_secret_uuid +tune_items = ['disk_read_bytes_sec', 'disk_read_iops_sec', +'disk_write_bytes_sec', 'disk_write_iops_sec', +'disk_total_bytes_sec', 'disk_total_iops_sec'] +for key, value in extra_specs.iteritems(): +scope = key.split(':') +if len(scope) > 1 and scope[0] == 'quota': +if scope[1] in tune_items: +setattr(info, scope[1], value) return info after this patch, if you «dumpxml VM ID» with virsh you got the missing ... Ex: virsh # dumpxml 2 ... 83886080 15000 ... Voilà... Ivan To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1399706/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503642] [NEW] Firewall-Update command help content does not display "admin_state_up" argument
Public bug reported: Get the help contents of the firewall-update command stack@stevens-creek:~/firewall$ neutron help firewall-update usage: neutron firewall-update [-h] [--request-format {json,xml}] [--policy POLICY] [--router ROUTER | --no-routers] FIREWALL Update a given firewall. positional arguments: FIREWALL ID or name of firewall to update. optional arguments: -h, --helpshow this help message and exit --request-format {json,xml} The XML or JSON request format. --policy POLICY Firewall policy name or ID. --router ROUTER Firewall associated router names or IDs (requires FWaaS router insertion extension, this option can be repeated) --no-routers Associate no routers with the firewall (requires FWaaS router insertion extension) stack@stevens-creek:~/firewall$ Issue : --admin_state_up argument does not display in the contents Expected: Help contents should have --admin_state_up argumment since we are able to make firewall UP and DOWN by updating the --admin_state_up toTrue/False ** Affects: neutron Importance: Undecided Status: New ** Tags: fwaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503642 Title: Firewall-Update command help content does not display "admin_state_up" argument Status in neutron: New Bug description: Get the help contents of the firewall-update command stack@stevens-creek:~/firewall$ neutron help firewall-update usage: neutron firewall-update [-h] [--request-format {json,xml}] [--policy POLICY] [--router ROUTER | --no-routers] FIREWALL Update a given firewall. positional arguments: FIREWALL ID or name of firewall to update. optional arguments: -h, --helpshow this help message and exit --request-format {json,xml} The XML or JSON request format. --policy POLICY Firewall policy name or ID. --router ROUTER Firewall associated router names or IDs (requires FWaaS router insertion extension, this option can be repeated) --no-routers Associate no routers with the firewall (requires FWaaS router insertion extension) stack@stevens-creek:~/firewall$ Issue : --admin_state_up argument does not display in the contents Expected: Help contents should have --admin_state_up argumment since we are able to make firewall UP and DOWN by updating the --admin_state_up toTrue/False To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503642/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1501672] Re: v2 image download returns 403 when 'get_image_locations' policy set
** Also affects: glance/liberty Importance: Undecided Status: New ** No longer affects: glance/liberty ** Changed in: glance Milestone: None => liberty-rc2 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1501672 Title: v2 image download returns 403 when 'get_image_locations' policy set Status in Glance: Fix Committed Bug description: when get_image_location is set role:admin a regular users sees: $ glance --os-image-api-version 2 image-download 33fd3f1a-4924-4078-9d57-d7f6db4d015b 403 Forbidden: You are not authorized to complete this action. (HTTP 403) v1 works ok. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1501672/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503595] [NEW] Firewall remain in active state even after deleting router associated with firewall
Public bug reported: Steps to Reproduce: == 1. Create a network,subnet,router and add router interface 2. Create firewall rule 3. Create firewall Policy with the above firewall rule 4. Create firewall with above policy And make above route set to the firewall. 5. Then delete the router attached to the firewall and check the status of the firewall Issue : Firewall remain in ACTIVE state even though router id field is blank while getting the details of the firewall {code} stack@stevens-creek:~/firewall$ neutron firewall-list +--+-+--+ | id | name| firewall_policy_id | +--+-+--+ | 71746ed4-4e12-48c6-8db5-31543276058e | user-fw | 320f68ea-4947-484d-af32-5ead4f368348 | +--+-+--+ stack@stevens-creek:~/firewall$ neutron firewall-show user-fw ++--+ | Field | Value| ++--+ | admin_state_up | True | | description| | | firewall_policy_id | 320f68ea-4947-484d-af32-5ead4f368348 | | id | 71746ed4-4e12-48c6-8db5-31543276058e | | name | user-fw | | router_ids | | | status | ACTIVE | | tenant_id | 84dc1f66b8b34fb2a48e2dce7031f279 | ++--+ stack@stevens-creek:~/firewall$ {code} Expected : Firewall state should change to either pending or error state. ** Affects: neutron Importance: Undecided Status: New ** Tags: fwaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1503595 Title: Firewall remain in active state even after deleting router associated with firewall Status in neutron: New Bug description: Steps to Reproduce: == 1. Create a network,subnet,router and add router interface 2. Create firewall rule 3. Create firewall Policy with the above firewall rule 4. Create firewall with above policy And make above route set to the firewall. 5. Then delete the router attached to the firewall and check the status of the firewall Issue : Firewall remain in ACTIVE state even though router id field is blank while getting the details of the firewall {code} stack@stevens-creek:~/firewall$ neutron firewall-list +--+-+--+ | id | name| firewall_policy_id | +--+-+--+ | 71746ed4-4e12-48c6-8db5-31543276058e | user-fw | 320f68ea-4947-484d-af32-5ead4f368348 | +--+-+--+ stack@stevens-creek:~/firewall$ neutron firewall-show user-fw ++--+ | Field | Value| ++--+ | admin_state_up | True | | description| | | firewall_policy_id | 320f68ea-4947-484d-af32-5ead4f368348 | | id | 71746ed4-4e12-48c6-8db5-31543276058e | | name | user-fw | | router_ids | | | status | ACTIVE | | tenant_id | 84dc1f66b8b34fb2a48e2dce7031f279 | ++--+ stack@stevens-creek:~/firewall$ {code} Expected : Firewall state should change to either pending or error state. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1503595/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1500656] Re: neutron-lbaas devstack readme.md is out of date
** Changed in: neutron Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1500656 Title: neutron-lbaas devstack readme.md is out of date Status in neutron: Fix Released Bug description: The neutron-lbaas/devstack/README.md is missing the steps required to install the Octavia plugin under devstack. This can lead to confusion and failure because the service provider configuration setting has been updated to use Octavia in the plugin.sh devstack script. The user will see an error "no ready devices" if they missed the Octavia plugin steps. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1500656/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1501505] Re: Allow updating of TLS refs
** Changed in: neutron Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1501505 Title: Allow updating of TLS refs Status in neutron: Fix Released Bug description: A bug prevented updating of default_tls_container_ref and failing with a 503 This bug uncovered a few other issues with null key checks and complaints if sni_container_refs were not provided. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501505/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1483100] Re: neutron-lbaas V2 lbaas-member-list returns all members, not just those for the specified pool
** Changed in: neutron Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1483100 Title: neutron-lbaas V2 lbaas-member-list returns all members, not just those for the specified pool Status in neutron: Fix Released Bug description: Boot 4 webserver instances. Create two loadbalancer stacks: lb1/listener1/pool1/[member1,member2] lb2/listener2/pool2/[member3,member4] Do "neutron lbaas-member-list pool1" and you will get all 4 instances. Likewise, "neutron lbaas-member-list pool2" will return the same 4 instances. The pool_id is being properly provided to the LBaaS API by the neutron client, but is not being assigned to the filter on the DB query. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1483100/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1503575] [NEW] switching projects via project switcher does not work
Public bug reported: I have a user, being member in 2 projects loggin in works, but when switching to the other project, I get a trace: [07/Oct/2015 07:30:46] "GET /auth/switch/5152e1ca69ad4c9c894becf2e60a6230/?next=/project/ HTTP/1.1" 302 0 Unable to retrieve project list. Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/openstack_auth/user.py", line 318, in authorized_tenants is_federated=self.is_federated) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 139, in wrapper result = func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 324, in get_project_list projects = client.tenants.list() File "/usr/lib/python2.7/site-packages/keystoneclient/v2_0/tenants.py", line 123, in list tenant_list = self._list('/tenants%s' % query, 'tenants') File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list resp, body = self.client.get(url, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 206, in request resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 95, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/utils.py", line 337, in inner return func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 401, in request raise exceptions.from_response(resp, method, url) Unauthorized: The request you have made requires authentication. (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-18cdb92c-54ca-442d-b4d0-e95122a04064) DEBUG:oslo_policy.policy:Rule [telemetry:compute_statistics] does not exist DEBUG:oslo_policy.policy:Rule [default] does not exist DEBUG:oslo_policy.policy:Rule [telemetry:get_meter] does not exist DEBUG:oslo_policy.policy:Rule [default] does not exist Unable to retrieve project list. Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/openstack_auth/user.py", line 318, in authorized_tenants is_federated=self.is_federated) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 139, in wrapper result = func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 324, in get_project_list projects = client.tenants.list() File "/usr/lib/python2.7/site-packages/keystoneclient/v2_0/tenants.py", line 123, in list tenant_list = self._list('/tenants%s' % query, 'tenants') File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list resp, body = self.client.get(url, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 206, in request resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 95, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/utils.py", line 337, in inner return func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line 401, in request raise exceptions.from_response(resp, method, url) Unauthorized: The request you have made requires authentication. (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-d6b1136b-6944-4815-9fe2-64a0f47b7e52) Unable to retrieve project list. Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/openstack_auth/user.py", line 318, in authorized_tenants is_federated=self.is_federated) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 139, in wrapper result = func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/openstack_auth/utils.py", line 324, in get_project_list projects = client.tenants.list() File "/usr/lib/python2.7/site-packages/keystoneclient/v2_0/tenants.py", line 123, in list tenant_list = self._list('/tenants%s' % query, 'tenants') File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list resp, body = self.client.get(url, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 206, in request resp = super(LegacyJsonAdapter, self).request(*args, **kwargs) File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 95, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python2.7/site-packages/keysto
[Yahoo-eng-team] [Bug 1476770] Re: _translate_from_glance fails with "AttributeError: id" in grenade
** Changed in: python-glanceclient Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1476770 Title: _translate_from_glance fails with "AttributeError: id" in grenade Status in Glance: Invalid Status in OpenStack-Gate: Fix Committed Status in oslo.vmware: Fix Released Status in python-glanceclient: Fix Released Bug description: http://logs.openstack.org/28/204128/2/check/gate-grenade- dsvm/80607dc/logs/old/screen-n-api.txt.gz?level=TRACE 2015-07-21 17:05:37.447 ERROR nova.api.openstack [req-9854210d-b9fc-47ff-9f00-1a0270266e2a tempest-ServersTestJSON-34270062 tempest-ServersTestJSON-745803609] Caught error: id 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack Traceback (most recent call last): 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/__init__.py", line 125, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return req.get_response(self.application) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1317, in send 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack application, catch_exc_info=False) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/request.py", line 1281, in call_application 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack app_iter = application(self.environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 634, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self._call_app(env, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py", line 554, in _call_app 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self._app(env, _fake_start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/routes/middleware.py", line 136, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack response = self.app(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return resp(environ, start_response) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 130, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/webob/dec.py", line 195, in call_func 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return self.func(req, *args, **kwargs) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 756, in __call__ 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack content_type, body, accept) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 821, in _process_stack 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack action_result = self.dispatch(meth, request, action_args) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/wsgi.py", line 911, in dispatch 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack return method(req=request, **action_args) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/compute/servers.py", line 636, in create 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack self._handle_create_exception(*sys.exc_info()) 2015-07-21 17:05:37.447 21251 TRACE nova.api.openstack File "/opt/stack/old/nova/nova/api/openstack/comp