jenkinsci / openstack-cloud-plugin

Provision nodes from OpenStack on demand
https://plugins.jenkins.io/openstack-cloud
MIT License

Cannot connect on Keystone v3 #162

Closed JGroselle closed 6 years ago

JGroselle commented 7 years ago

Hi everyone,

I am facing an issue connecting Jenkins to our OpenStack.

- OpenStack version = Ocata
- Keystone version = v3
- Jenkins version = 2.60.3
- Plugin version = 2.24

I configured the endpoint URL properly, so each time I curl this URL from the Jenkins server (jenkins user) it returns 200:

{"version": {"status": "stable", "updated": "2017-02-22T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.8", "links": [{"href": "https://dashboard.mydomain.io:5000/v3/", "rel": "self"}]}}

Here is the return from curl -I

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Aug 2017 08:56:22 GMT
Content-Type: application/json
Content-Length: 258
Connection: keep-alive
Vary: X-Auth-Token
x-openstack-request-id: req-59ec9d86-ab9b-4969-b1fb-160c8309632c
Front-End-Https: on

NOTE: The OS end point is behind an nginx proxy.

NOTE: The certificate is signed by mycompany CA.

Here is the exception raised: Cannot connect to specified cloud, please check the identity and credentials: Not Found

ClientResponseException{message=Not Found, status=404, status-code=NOT_FOUND}
    at org.openstack4j.core.transport.HttpExceptionHandler.mapException(HttpExceptionHandler.java:38)
    at org.openstack4j.core.transport.HttpExceptionHandler.mapException(HttpExceptionHandler.java:23)
    at org.openstack4j.openstack.internal.OSAuthenticator.authenticateV2(OSAuthenticator.java:125)
    at org.openstack4j.openstack.internal.OSAuthenticator.invoke(OSAuthenticator.java:52)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV2.authenticate(OSClientBuilder.java:117)
    at org.openstack4j.openstack.client.OSClientBuilder$ClientV2.authenticate(OSClientBuilder.java:79)
    at jenkins.plugins.openstack.compute.internal.Openstack.<init>(Openstack.java:130)
    at jenkins.plugins.openstack.compute.internal.Openstack.<init>(Openstack.java:101)
    at jenkins.plugins.openstack.compute.internal.Openstack$Factory.getOpenstack(Openstack.java:648)
    at jenkins.plugins.openstack.compute.internal.Openstack$FactoryEP.get(Openstack.java:617)
    at jenkins.plugins.openstack.compute.JCloudsCloud$DescriptorImpl.doTestConnection(JCloudsCloud.java:509)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
    at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:51)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:92)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Thank you for your help.

JGroselle commented 7 years ago

Hi again,

I have seen in the nginx logs that your plugin tries to reach https://dashboard.mydomain.io:5000/v3/tokens. And yes, /tokens does not exist. So 404.

Am I doing something wrong?

olivergondza commented 7 years ago

Have you configured the plugin with the specific URL that works with curl, the one that ends with "/v3/"? Since you are getting an HTTP 404, it does not seem to be a certificate issue between Jenkins and whatever serves that 404 (OpenStack Horizon or nginx).

JGroselle commented 7 years ago

Hi @olivergondza,

Thank you for your answer. Yes, the URL is the same. But I saw that the plugin adds "tokens" to the URL. And /v3/tokens does not exist on our platform. So we raise a 404.

olivergondza commented 7 years ago

The plugin forwards user-provided URLs to the openstack4j library, which, I presume, knows what the right thing to do is. There is a chance your version is not supported (yet) or is broken, though.

> And /v3/tokens does not exist on our platform. So we raise a 404.

I cannot comment on the actual protocol used. I find it brittle tampering with the response codes not to risk to provide different codes and confuse clients.

JGroselle commented 6 years ago

Fixed. I did not use the Keystone V3 syntax... RTFM...

Tahvok commented 6 years ago

@JGroselle could you please elaborate more on what you've done? I'm facing the same issue now.

JGroselle commented 6 years ago

Hi @Tahvok, I do not remember very well. But the configured Endpoint URL is https://some.other.host:5000/v3. And now when I click on "Test Connection" I have "Connection succeeded!" What do you have as Endpoint URL?

By the way this error is raised when you are not authenticated to OpenStack. So the file reached is not present (404).

Tahvok commented 6 years ago

@JGroselle thanks for getting back to me. I found the issue, I was using credentials for openstack auth v2, and needed to create openstack auth v3 credentials when I changed the url to make it work. Thanks anyway for replying back!
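
Added example, not part of the thread and not code from the plugin or openstack4j: a small diagnostic for the mismatch the thread ends on. It relies on the Keystone API layout (v2.0 issues tokens at `<endpoint>/tokens`, v3 at `<endpoint>/auth/tokens`). The function names, the `v2`/`v3` credential labels and the nginx log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Token-issue path relative to the versioned Identity endpoint.
TOKEN_SUFFIX = {"v2": "/tokens", "v3": "/auth/tokens"}

def token_url(endpoint, cred_version):
    """URL a client of the given credential version will POST to."""
    return endpoint.rstrip("/") + TOKEN_SUFFIX[cred_version]

def endpoint_version(endpoint):
    """Return 'v2' or 'v3' from the last path segment, else None."""
    seg = urlsplit(endpoint).path.rstrip("/").rsplit("/", 1)[-1]
    m = re.fullmatch(r"v([23])(\.\d+)?", seg)
    return "v" + m.group(1) if m else None

def check_config(endpoint, cred_version):
    """Return a problem description, or None if endpoint and credentials agree."""
    ep = endpoint_version(endpoint)
    if ep is None:
        return "endpoint URL has no /v2.0 or /v3 version segment"
    if ep != cred_version:
        return (f"{cred_version} credentials against a {ep} endpoint: "
                f"client will POST to {token_url(endpoint, cred_version)}")
    return None

# Request and status fields of an nginx "combined" access-log line.
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def mismatched_requests(log_lines):
    """Lines where a v2-style token request hit a v3 endpoint and got 404."""
    hits = []
    for line in log_lines:
        m = REQ.search(line)
        if (m and m["method"] == "POST" and m["status"] == "404"
                and re.fullmatch(r"/v3(\.\d+)?/tokens/?", m["path"])):
            hits.append(line)
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2017:08:56:22 +0000] "GET /v3/ HTTP/1.1" 200 258 "-" "-"',
    '192.0.2.10 - - [25/Aug/2017:08:57:01 +0000] "POST /v3/tokens HTTP/1.1" 404 93 "-" "-"',
    '192.0.2.10 - - [25/Aug/2017:09:10:44 +0000] "POST /v3/auth/tokens HTTP/1.1" 201 4120 "-" "-"',
]

if __name__ == "__main__":
    print(check_config("https://dashboard.mydomain.io:5000/v3/", "v2"))
    for hit in mismatched_requests(SAMPLE_LOG):
        print("v2 client on v3 endpoint:", hit)
```
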