Heat engine in multi region configuration invokes keystone to wrong region/endpoint in Red Hat OpenStack Platform
Issue
Heat engine in a multiple region configuration invoke keystoneclient to wrong region/endpoint in Red Hat OpenStack Platform.
Keystone response for the identity service with multiple regions that point to different locations:
# keystone service-list | grep -i keystone
| <keystone service uuid> | keystone | identity | Keystone Identity Service |
# keystone endpoint-list |grep <keystone service uuid>
| id | region | publicurl | internalurl | adminurl | service_id |
| <region1 endpoint uuid> | region1 | https://region1.keystone:5000/v2.0 | https://region1.keystone:5000/v2.0 | https://region1.keystone:35357/v2.0 | <keystone service uuid> |
| <region2 endpoint uuid 1> | region2 | https://region2.keystone:5000/v2.0 | https://region2.keystone:5000/v2.0 | https://region2.keystone:35357/v2.0 | <keystone service uuid> |
| <region2 endpoint uuid 2> | region2 | https://region2.keystone:5000/v2.0 | https://region2.keystone:5000/v2.0 | https://region2.keystone:35357/v2.0 | <keystone service uuid> |
| <region3 endpoint uuid> | region3 | https://region3.keystone:5000/v2.0 | https://region3.keystone:5000/v2.0 | https://region3.keystone:35357/v2.0 | <keystone service uuid> |
The configuration in /etc/heat/heat.conf
should be using the region region3
in this example:
[DEFAULT]
# Default region name used to get services endpoints. (string
# value)
region_name=region3
region_name_for_services=region3
[keystone_authtoken]
auth_url=https://region3.keystone:5000
identity_uri=https://region3.keystone:5000
auth_region = region3
region_name = region3
When heat-engine daemon is started in debug mode one sees the config value getting picked up:
2017-02-04 15:35:39.913 Heat 100 DEBUG oslo_service.service region_name_for_services = region3 log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2229
In the stdout from the heat-engine process, one can see that it's trying to authenticate tokens against Keystone for the region "region2":
2017-02-04 15:32:55.256 Heat 92 DEBUG keystoneclient.auth.identity.v3.base Making authentication request to https://region3.keystone:5000/v3/auth/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py:188
2017-02-04 15:32:55.357 Heat 92 DEBUG keystoneclient.session REQ: curl -g -i -X GET https://region2.keystone:35357/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient" _http_log_request /usr/lib/python2.7/site-packages/keystoneclient/session.py:198
Environment
Red Hat OpenStack Platform 8
Red Hat OpenStack Platform 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.