search

docker / machine

Machine management for a container-centric world
https://docs.docker.com/machine/
Apache License 2.0
6.63k stars 1.97k forks source link

possible bug in docker-machine openstack: calls v2 of API for tenants when given v3 auth? #3774

Open cboettig opened 8 years ago

cboettig commented 8 years ago

When calling docker-machine using the openstack interface with V3 of the API, I get an unexpected error which seems to suggest that docker-machine is calling v2 of the API for the tenants. Perhaps I'm doing something wrong in my call here, but given that the v2 appears to come out of nowhere I wonder if this is a bug?

I'm calling against the openstack setup of the NSF Jetstream system; trying to debug with the devs there but think it might be a docker-machine issue?

After sourcing in my openrc.sh env vars appropriately, here's the docker-machine command I am using (with secure/personal variables replaced):

docker-machine --debug create --driver openstack --openstack-flavor-id m1.tiny --openstack-image-id IMAGEIDHASH --openstack-keypair-name KEYPAIR --openstack-sec-groups default --openstack-tenant-name TENANTNAME --openstack-domain-name DOMAIN  --openstack-private-key-file ~/.ssh/id_rsa --openstack-auth-url  https://jblb.jetstream-cloud.org:XXXX/v3  testbed

Which gives the following:


Docker Machine Version:  0.8.1, build 41b3b25
Found binary path at /usr/local/bin/docker-machine
Launching plugin server for driver openstack
Plugin server listening at address 127.0.0.1:39073
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
(flag-lookup) Calling .GetMachineName
(flag-lookup) Calling .DriverName
(flag-lookup) Calling .GetCreateFlags
Found binary path at /usr/local/bin/docker-machine
Launching plugin server for driver openstack
Plugin server listening at address 127.0.0.1:44650
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
(testbed) Calling .GetMachineName
(testbed) Calling .DriverName
(testbed) Calling .GetCreateFlags
(testbed) Calling .SetConfigFromFlags
Running pre-create checks...
(testbed) Calling .PreCreateCheck
(testbed) Calling .GetConfigRaw
Creating machine...
(testbed) Calling .Create
(testbed) DBG | Authenticating... map[DomainName:tacc Username:cboettig TenantName:TG-DEB160003 TenantID: AuthUrl:https://jblb.jetstream-cloud.org:XXXXX/v3 Insecure:false DomainID:]

Error creating machine: Error in driver during machine creation: Expected HTTP response code [200 204] when accessing [GET https://jblb.jetstream-cloud.org:XXXXX/v2.0/tenants], but got 403 instead
{"error": {"message": "You are not authorized to perform the requested action: admin_required", "code": 403, "title": "Forbidden"}}

I find it strange that the error message occurs on a call to GET https://jblb.jetstream-cloud.org:XXXXX/v2.0/tenants, surely this should be v3.0 instead? (Also confusing that it says earlier in the debug trace Using API Version 1, though perhaps that refers to something else?)

nathanleclaire commented 8 years ago

@fsoppelsa

fsoppelsa commented 8 years ago

What is OS_AUTH_URL and/or OS_IDENTITY_API_VERSION here?

cboettig commented 8 years ago

Thanks. OS_AUTH_URL is set to the same value as it has in the command line option shown above (I assume the latter takes precedence anyhow) --openstack-auth-url https://jblb.jetstream-cloud.org:XXXX/v3 (made anonymous obviously).

The OS_IDENTITY_API_VERSION is set to 3, and is specified in the openrc.sh file I linked in the above, OS_IDENTITY_API_VERSION=3.

Hodgegoblin commented 7 years ago

Were you able to resolve this issue? I am having the same issue trying to create to a devstack installation.

jscottsf commented 6 years ago

Having the same issue here. Any resolution?

Error creating machine: Error in driver during machine creation: Expected HTTP response code [200 204] when accessing [GET https://iu.jetstream-cloud.org:5000/v2.0/tenants], but got 404 instead
{"error": {"message": "(http://iu.jetstream-cloud.org:5000/v2.0/tenants): The resource could not be found.", "code": 404, "title": "Not Found"}}

Seems this issue has been Open for two years? Would love to use docker-machine with OS.

kevinkjt2000 commented 5 years ago

It seems that several of the imports are for v2 support only https://github.com/docker/machine/blob/61ef47dc5d6b1658e3d6636f9382d50507c8c7e1/drivers/openstack/client.go#L16-L25 v3 would be an awesome feature!

lcaflc commented 5 years ago

I also have this issue. Moreover identity / keystone API v2 is now deprecated and no longuer available in rocky release and more. So since we upgraded docker-machine is no longuer usable.

kayrus commented 5 years ago

It would be great if someone can take a look on the #4755, which has to resolve this issue.

doug-ba commented 4 years ago

Is there anybody who can look at kayrus's PR? This issue is preventing my team from giving rancher a real evaluation.