Add New Openstack Provider: validation TimeOut


#1

Hi all, I have problems adding mirantis mitaka Openstack to manageiq.

Beside i put the log in debug in the GUI i only have a single error level message in fog.log:

ERROR – : excon.error Excon::Error::Timeout: connect_write timeout reached

evm.log:

[----] E, [2017-07-05T14:26:27.897606 #487:3fa77ab4c380] ERROR – : Fog excon.error Excon::Error::Timeout: connect_write timeout reached>
[----] E, [2017-07-05T14:26:27.897886 #487:3fa77ab4c380] ERROR – : MIQ(ManageIQ::Providers::Openstack::CloudManager#verify_api_credentials) Error Class=Excon::Error::Timeout, Message=connect_write timeout reached
[----] E, [2017-07-05T14:26:27.898051 #487:3fa77ab4c380] ERROR – : MIQ(ems_cloud_controller-create): Credential validation was not successful: Login attempt timed out

  • i use an admin user, which is admin of all tenant its see.
  • i use the ssl without verification

What could i do to increase the excon/fog log to debug level plz ?

Best regards

Loic


#2

Check the port of connection. It should be 5000


#3

hi, thanks but we have an nginx reverse proxy in front of keystone who expose the port 5000 through 443 port.
the adminurl of keystone is on an unreachable network on port 35357.

Is that mandatory manageiq has to reach apis via adminurls ?

regards


#4

If you change the type of connection (ssl without verification) try to set port of connection to 443, as I know the 35357 admin url does not needed.


#5

@jolann for OpenStack provider connection fog library is used. U can try to connect to your environment throughout ruby script and investigate issue:

@connection_params = {
  openstack_auth_url:     "http://devstack.test:5000/v3/auth/tokens",
  openstack_username:     "admin",
  openstack_api_key:      "password",
  openstack_project_name: "admin",
  openstack_domain_id:    "default"
}

#6

Thank you, i am trying to debug it from ruby directly with the procedure in fog-openstack github, but reach same time out as in manageiq. here is the exception:

excon.error
:error => #<Excon::Error::Timeout: connect_read timeout reached>
/opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/socket.rb:267:in select_with_timeout': connect_read timeout reached (Excon::Error::Timeout) from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/ssl_socket.rb:119:inrescue in initialize’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/ssl_socket.rb:116:in initialize' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/connection.rb:403:innew’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/connection.rb:403:in socket' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/connection.rb:100:inrequest_call’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/mock.rb:48:in request_call' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/instrumentor.rb:23:inblock in request_call’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/standard_instrumentor.rb:24:in instrument' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/instrumentor.rb:22:inrequest_call’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/base.rb:16:in request_call' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/base.rb:16:inrequest_call’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/middlewares/base.rb:16:in request_call' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/excon-0.56.0/lib/excon/connection.rb:249:inrequest’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-core-1.44.3/lib/fog/core/connection.rb:81:in request' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-openstack-0.1.20/lib/fog/openstack.rb:438:inretrieve_tokens_v2’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-openstack-0.1.20/lib/fog/openstack.rb:192:in authenticate_v2' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-openstack-0.1.20/lib/fog/openstack.rb:150:inauthenticate’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-openstack-0.1.20/lib/fog/openstack/core.rb:182:in authenticate' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-openstack-0.1.20/lib/fog/compute/openstack.rb:392:ininitialize’
from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-core-1.44.3/lib/fog/core/service.rb:115:in new' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/fog-core-1.44.3/lib/fog/core/service.rb:115:innew’
from testconnect.rb:18:in `’

here is the ruby script I use:

#!/opt/rubies/ruby-2.3.1/bin/ruby

require “fog/openstack”

@connection_params = {
openstack_auth_url: “https://my keystone fqdn/v2.0/tokens”,
openstack_username: “manageiq”,
openstack_api_key: “*********”,
openstack_project_name: “test-tenant”
}

compute = Fog::Compute::OpenStack.new(@connection_params)
p compute.images

I repeat that my adminurl aren’t reachable (separated non routed network), only publicurl of openstack is reachable.
thanks


#7

@jolann
May be there is some network problem, try to just curl to keystone url:

https://docs.openstack.org/keystone/latest/api_curl_examples.html


#8

Thanks all, you’re right igortiunov, network problem… (not very familiar with docker)
I then deploy qcow2 directly on openstack and then no more problems nor with Azure nor Openstack deployments.

Thanks igortiunov, best regards