Heat engine in multi region configuration invokes keystone to wrong region/endpoint in Red Hat OpenStack Platform
Issue
In a multi-region configuration, the Heat engine invokes keystoneclient against the wrong region/endpoint in Red Hat OpenStack Platform.
Keystone response for the identity service with multiple regions that point to different locations:
# keystone service-list | grep -i keystone
| <keystone service uuid> | keystone | identity | Keystone Identity Service |
# keystone endpoint-list |grep <keystone service uuid>
| id | region | publicurl | internalurl | adminurl | service_id |
| <region1 endpoint uuid> | region1 | https://region1.keystone:5000/v2.0 | https://region1.keystone:5000/v2.0 | https://region1.keystone:35357/v2.0 | <keystone service uuid> |
| <region2 endpoint uuid 1> | region2 | https://region2.keystone:5000/v2.0 | https://region2.keystone:5000/v2.0 | https://region2.keystone:35357/v2.0 | <keystone service uuid> |
| <region2 endpoint uuid 2> | region2 | https://region2.keystone:5000/v2.0 | https://region2.keystone:5000/v2.0 | https://region2.keystone:35357/v2.0 | <keystone service uuid> |
| <region3 endpoint uuid> | region3 | https://region3.keystone:5000/v2.0 | https://region3.keystone:5000/v2.0 | https://region3.keystone:35357/v2.0 | <keystone service uuid> |
In this example, the configuration in /etc/heat/heat.conf should be using the region region3:
[DEFAULT]
# Default region name used to get services endpoints. (string
# value)
region_name=region3
region_name_for_services=region3
[keystone_authtoken]
auth_url=https://region3.keystone:5000
identity_uri=https://region3.keystone:5000
auth_region = region3
region_name = region3
When the heat-engine daemon is started in debug mode, the log shows the configured value being picked up:
2017-02-04 15:35:39.913 Heat 100 DEBUG oslo_service.service region_name_for_services = region3 log_opt_values /usr/lib/python2.7/site-packages/oslo_config/cfg.py:2229
In the stdout from the heat-engine process, one can see that it's trying to authenticate tokens against Keystone for the region "region2":
2017-02-04 15:32:55.256 Heat 92 DEBUG keystoneclient.auth.identity.v3.base Making authentication request to https://region3.keystone:5000/v3/auth/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py:188
2017-02-04 15:32:55.357 Heat 92 DEBUG keystoneclient.session REQ: curl -g -i -X GET https://region2.keystone:35357/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient" _http_log_request /usr/lib/python2.7/site-packages/keystoneclient/session.py:198
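Added example (not part of the original article and not Red Hat or OpenStack code): a check that maps the hosts in the `keystone endpoint-list` output to regions and flags keystoneclient requests in the heat-engine debug log that go to a Keystone host outside the region set in heat.conf. The function names are hypothetical and the sample inputs are constructed from the output quoted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs, abbreviated from the outputs quoted in this article.
ENDPOINTS = """\
| id | region | publicurl | internalurl | adminurl | service_id |
| <region1 endpoint uuid> | region1 | https://region1.keystone:5000/v2.0 | https://region1.keystone:5000/v2.0 | https://region1.keystone:35357/v2.0 | <keystone service uuid> |
| <region2 endpoint uuid 1> | region2 | https://region2.keystone:5000/v2.0 | https://region2.keystone:5000/v2.0 | https://region2.keystone:35357/v2.0 | <keystone service uuid> |
| <region3 endpoint uuid> | region3 | https://region3.keystone:5000/v2.0 | https://region3.keystone:5000/v2.0 | https://region3.keystone:35357/v2.0 | <keystone service uuid> |
"""
HEAT_CONF = "[DEFAULT]\nregion_name_for_services=region3\n"
LOG = [
    "DEBUG keystoneclient.auth.identity.v3.base Making authentication request to "
    "https://region3.keystone:5000/v3/auth/tokens get_auth_ref",
    "DEBUG keystoneclient.session REQ: curl -g -i -X GET "
    'https://region2.keystone:35357/ -H "Accept: application/json"',
]

def hosts_by_region(table):
    """Map each endpoint hostname in the endpoint-list output to its regions."""
    hosts = {}
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 6 or cells[1] == "region":
            continue  # skip the header row and malformed rows
        for url in cells[2:5]:  # publicurl, internalurl, adminurl
            hosts.setdefault(urlparse(url).hostname, set()).add(cells[1])
    return hosts

def configured_region(conf_text):
    """Return region_name_for_services from heat.conf text, or None if unset."""
    m = re.search(r"^\s*region_name_for_services\s*=\s*(\S+)", conf_text, re.M)
    return m.group(1) if m else None

def misrouted(log_lines, hosts, region):
    """Return (url, regions) for keystoneclient requests sent outside `region`."""
    hits = []
    for line in log_lines:
        if "keystoneclient" not in line:
            continue
        for url in re.findall(r"https?://[^\s\"']+", line):
            regions = hosts.get(urlparse(url).hostname)
            if regions and region not in regions:
                hits.append((url, sorted(regions)))
    return hits

if __name__ == "__main__":
    region = configured_region(HEAT_CONF)
    for url, regions in misrouted(LOG, hosts_by_region(ENDPOINTS), region):
        print("configured %s, but request went to %s (%s)" % (region, url, regions))
```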
Environment
Red Hat OpenStack Platform 8
Red Hat OpenStack Platform 9
