diff --git a/mistral/actions/openstack/actions.py b/mistral/actions/openstack/actions.py index 8393c3c65..85ff0d819 100644 --- a/mistral/actions/openstack/actions.py +++ b/mistral/actions/openstack/actions.py @@ -388,7 +388,25 @@ class BaremetalIntrospectionAction(base.OpenStackAction): @classmethod def _get_fake_client(cls): - return cls._get_client_class()(1) + try: + # ironic-inspector client tries to get and validate it's own + # version when created. This might require checking the keystone + # catalog if the ironic-inspector server is not listening on the + # localhost IP address. Thus, we get a session for this case. + sess = keystone_utils.get_admin_session() + + return cls._get_client_class()(session=sess) + except Exception as e: + LOG.warning("There was an error trying to create the " + "ironic-inspector client using a session: %s" % str(e)) + # If it's not possible to establish a keystone session, attempt to + # create a client without it. This should fall back to where the + # ironic-inspector client tries to get it's own version on the + # default IP address. + LOG.debug("Attempting to create the ironic-inspector client " + "without a session.") + + return cls._get_client_class()() def _get_client(self): ctx = context.ctx() diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py index 212677392..5f458bcf1 100644 --- a/mistral/utils/openstack/keystone.py +++ b/mistral/utils/openstack/keystone.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +import keystoneauth1.identity.generic as auth_plugins +from keystoneauth1 import session as ks_session from keystoneclient.v3 import client as ks_client from keystoneclient.v3.endpoints import Endpoint from oslo_config import cfg @@ -130,3 +132,19 @@ def is_token_trust_scoped(auth_token): token_info = keystone_client.tokens.validate(auth_token) return 'OS-TRUST:trust' in token_info + + +def get_admin_session(): + """Returns a keystone session from Mistral's service credentials.""" + + auth = auth_plugins.Password( + CONF.keystone_authtoken.auth_uri, + username=CONF.keystone_authtoken.admin_user, + password=CONF.keystone_authtoken.admin_password, + project_name=CONF.keystone_authtoken.admin_tenant_name, + # NOTE(jaosorior): Once mistral supports keystone v3 properly, we can + # fetch the following values from the configuration. + user_domain_name='Default', + project_domain_name='Default') + + return ks_session.Session(auth=auth) diff --git a/tools/sync_db.py b/tools/sync_db.py index 7e70d3c80..6590cb950 100644 --- a/tools/sync_db.py +++ b/tools/sync_db.py @@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +import keystonemiddleware.opts as keystonemw_opts from oslo_config import cfg from oslo_log import log as logging @@ -25,6 +26,14 @@ CONF = cfg.CONF def main(): + # NOTE(jaosorior): This is needed in order for db-sync to also register the + # keystonemiddleware options. Those options are used by clients that need a + # keystone session in order to be able to register their actions. + # This can be removed when mistral moves out of using keystonemiddleware in + # favor of keystoneauth1. + for group, opts in keystonemw_opts.list_auth_token_opts(): + CONF.register_opts(opts, group=group) + config.parse_args() if len(CONF.config_file) == 0: