Heat engine in multi region configuration invokes keystone to wrong region/endpoint in Red Hat OpenStack Platform

Solution In Progress - Updated -

Issue

Heat engine in a multiple region configuration invoke keystoneclient to wrong region/endpoint in Red Hat OpenStack Platform.

Keystone response for the identity service with multiple regions that point to different locations:

# keystone service-list  | grep -i keystone
| <keystone service uuid> |  keystone  |     identity    |         Keystone Identity Service         |

# keystone endpoint-list |grep <keystone service uuid>
|                id                |    region    |                          publicurl                          |                         internalurl                         |                         adminurl                         |            service_id            |
| <region1 endpoint uuid> | region1 |          https://region1.keystone:5000/v2.0          |          https://region1.keystone:5000/v2.0          |        https://region1.keystone:35357/v2.0        | <keystone service uuid> |
| <region2 endpoint uuid 1> | region2  |         https://region2.keystone:5000/v2.0        |         https://region2.keystone:5000/v2.0        |      https://region2.keystone:35357/v2.0       | <keystone service uuid> |
| <region2 endpoint uuid 2> | region2  |         https://region2.keystone:5000/v2.0        |         https://region2.keystone:5000/v2.0        |      https://region2.keystone:35357/v2.0       | <keystone service uuid> |
| <region3 endpoint uuid> | region3  |          https://region3.keystone:5000/v2.0          |          https://region3.keystone:5000/v2.0          |        https://region3.keystone:35357/v2.0        | <keystone service uuid> |

The configuration in /etc/heat/heat.conf should be using the region region3 in this example:

[DEFAULT]
# Default region name used to get services endpoints. (string
# value)
region_name=region3
region_name_for_services=region3

[keystone_authtoken]
auth_url=https://region3.keystone:5000
identity_uri=https://region3.keystone:5000
auth_region = region3
region_name = region3

When heat-engine daemon is started in debug mode one sees the config value getting picked up:

2017-02-04 15:35:39.913 Heat 100 DEBUG oslo_service.service region_name_for_services       = region3 log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2229

In the stdout from the heat-engine process, one can see that it's trying to authenticate tokens against Keystone for the region "region2":

2017-02-04 15:32:55.256 Heat 92 DEBUG keystoneclient.auth.identity.v3.base Making authentication request to https://region3.keystone:5000/v3/auth/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py:188
2017-02-04 15:32:55.357 Heat 92 DEBUG keystoneclient.session REQ: curl -g -i -X GET https://region2.keystone:35357/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient" _http_log_request /usr/lib/python2.7/site-packages/keystoneclient/session.py:198

Environment

Red Hat OpenStack Platform 8
Red Hat OpenStack Platform 9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content