Public bug reported: keystone mitaka
I'm not entirely sure what is happening here, keystone is set up for federation with a SAML2 idp, all federated users can use all services with the exception of heat. this gets a little bit complicated because first I ran into this bug (heat cannot find federated users role) https://bugs.launchpad.net/murano/+bug/1589993 for which the workaround is to grant the federated user the heat_stack_owner role Once the role is granted directly to the federated user (e.g. not to the users group) the previous error goes away - keystone now throws this error when using heat object of type 'NoneType' has no len() I think heat might be looking for a userid in the default sql domain perhaps >Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.420 10012 INFO >keystone.token.providers.fernet.utils >[req-dd5cc8a6-7c57-4166-931d-6a5ebf8a91f0 283c6248ff874714a4a5d69471ef2fad >f653c7eb3d244f09b37f69cdd1ef4e82 - default default] Loaded 2 encryption keys >(max_active_keys=3) from: /etc/keystone/fernet-keys <14>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.480 10013 INFO keystone.common.wsgi [req-6998992e-83b7-4743-9ac5-036c2aed28ff - - - - -] GET http://172.25.60.5:35357/ <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.492 10011 DEBUG keystone.middleware.auth [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71 <14>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.494 10011 INFO keystone.common.wsgi [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] POST http://172.25.60.5:35357/v3/auth/tokens <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.559 10011 DEBUG oslo_messaging._drivers.amqpdriver [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] CAST unique_id: bed1de3722504cb9b5e84b7ed3e7e4af size: 906 NOTIFY exchange: keystone topic: notifications.info _send /usr/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py:480 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.569 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] NeedRegenerationException _enter /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:94 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.570 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] no value, waiting for create lock _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:127 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.570 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] value creation lock <dogpile.cache.region._LockWrapper object at 0x7f116ead6cd0> acquired _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:131 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.571 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] Calling creation function _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:148 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.579 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] Released creation lock _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:154 <11>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] object of type 'NoneType' has no len() 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi Traceback (most recent call last): 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__ 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi result = method(context, **params) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 416, in authenticate_for_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi parent_audit_id=token_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in wrapped 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/provider.py", line 384, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi parent_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/core.py", line 44, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi *args, **kwargs) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/common.py", line 621, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi audit_info=parent_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/common.py", line 519, in get_token_data 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi self._populate_user(token_data, user_id, trust) 2016-09-23 10:48:06.580 100 <15>Sep 23 10:48:07 node-30 keystone-admin: 2016-09-23 10:48:07.258 10014 DEBUG keystone.middleware.auth [req-b765bdb6-2843-4ade-92d6-11db786b38f6 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71 ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1627098 Title: federated users cannot user heat Status in OpenStack Identity (keystone): New Bug description: keystone mitaka I'm not entirely sure what is happening here, keystone is set up for federation with a SAML2 idp, all federated users can use all services with the exception of heat. this gets a little bit complicated because first I ran into this bug (heat cannot find federated users role) https://bugs.launchpad.net/murano/+bug/1589993 for which the workaround is to grant the federated user the heat_stack_owner role Once the role is granted directly to the federated user (e.g. not to the users group) the previous error goes away - keystone now throws this error when using heat object of type 'NoneType' has no len() I think heat might be looking for a userid in the default sql domain perhaps >Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.420 10012 INFO keystone.token.providers.fernet.utils [req-dd5cc8a6-7c57-4166-931d-6a5ebf8a91f0 283c6248ff874714a4a5d69471ef2fad f653c7eb3d244f09b37f69cdd1ef4e82 - default default] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys <14>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.480 10013 INFO keystone.common.wsgi [req-6998992e-83b7-4743-9ac5-036c2aed28ff - - - - -] GET http://172.25.60.5:35357/ <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.492 10011 DEBUG keystone.middleware.auth [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71 <14>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.494 10011 INFO keystone.common.wsgi [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] POST http://172.25.60.5:35357/v3/auth/tokens <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.559 10011 DEBUG oslo_messaging._drivers.amqpdriver [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] CAST unique_id: bed1de3722504cb9b5e84b7ed3e7e4af size: 906 NOTIFY exchange: keystone topic: notifications.info _send /usr/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py:480 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.569 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] NeedRegenerationException _enter /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:94 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.570 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] no value, waiting for create lock _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:127 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.570 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] value creation lock <dogpile.cache.region._LockWrapper object at 0x7f116ead6cd0> acquired _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:131 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.571 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] Calling creation function _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:148 <15>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.579 10011 DEBUG dogpile.core.dogpile [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] Released creation lock _enter_create /usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py:154 <11>Sep 23 10:48:06 node-30 keystone-admin: 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi [req-298ebc90-2aec-4dc9-b0af-00ef2c14c5f0 - - - - -] object of type 'NoneType' has no len() 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi Traceback (most recent call last): 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 249, in __call__ 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi result = method(context, **params) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 416, in authenticate_for_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi parent_audit_id=token_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 124, in wrapped 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/provider.py", line 384, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi parent_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/core.py", line 44, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi *args, **kwargs) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/common.py", line 621, in issue_v3_token 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi audit_info=parent_audit_id) 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/common.py", line 519, in get_token_data 2016-09-23 10:48:06.580 10011 ERROR keystone.common.wsgi self._populate_user(token_data, user_id, trust) 2016-09-23 10:48:06.580 100 <15>Sep 23 10:48:07 node-30 keystone-admin: 2016-09-23 10:48:07.258 10014 DEBUG keystone.middleware.auth [req-b765bdb6-2843-4ade-92d6-11db786b38f6 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1627098/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp