[Openstack-operators] OpenStack Puppet module Keystone Juno

Rich Megginson rmeggins at redhat.com
Mon Jan 4 21:19:49 UTC 2016


On 01/04/2016 02:06 PM, Russell Cecala wrote:
> Hi Emilien,
>
>
> I am trying to use https://github.com/openstack/puppet-keystone to set 
> up a Kilo keystone node.

I'm assuming you're using the kilo branch there?

> I was hoping to could help me out so I can get my team to adopt puppet 
> for setting up OpenStack.
>
> On my keystone node I am running centos7 with selinux disabled ...

What version of openstackclient are you using?

Do you have a $HOME/openrc or /root/openrc, or are you otherwise 
defining OS_* environment variables in the environment before running 
puppet?

>
> [root at svl-ost-mgmt-centos-001 ~]# sestatus
>
> SELinux status:                 disabled
>
> ... and I have flushed my iptables ...
>
>
> [root at svl-ost-mgmt-centos-001 ~]# iptables -L
>
> Chain INPUT (policy ACCEPT)
>
> target     prot opt source destination
>
>
> Chain FORWARD (policy ACCEPT)
>
> target     prot opt source destination
>
>
> Chain OUTPUT (policy ACCEPT)
>
> target     prot opt source destination
>
>
> Yet when I run "puppet agent -t"  I get these errors:
>
>
> [root at ost-mgmt-centos-001 ~]# puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Loading facts
>
> Error: NetworkManager is not running.
>
> Info: Caching catalog for ost-mgmt-centos-001.example.com 
> <http://ost-mgmt-centos-001.example.com>
>
> *Warning: The tenant parameter is deprecated and will be removed in 
> the future. Please use keystone_user_role to assign a user to a project.*
>
> *Warning: The ignore_default_tenant parameter is deprecated and will 
> be removed in the future.*
>
> Info: Applying configuration version '1451940682'
>
> *Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: 
> Could not evaluate: Execution of '/usr/bin/openstack token issue 
> --format value' returned 1: ERROR: openstack The resource could not be 
> found. (HTTP 404) (Request-ID: req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*
>
> Notice: 
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]: 
> Dependency Keystone_user[admin] has failures: true
>
> *Warning: 
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]: 
> Skipping because of failed dependencies*
>
> Notice: Finished catalog run in 12.38 seconds
>
> Here's code I am using on my puppet master ...
>
> classwrapcontroller(
>
> ... big list of parameters I am not using until I can get keystone 
> going ...
>
> ) {
>
>
> exec{ '/bin/yum -y install 
> http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm': 
> unless=> '/bin/rpm -q epel-release', }
>
> exec{ '/bin/yum -y install 
> http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm': 
> unless=> '/bin/rpm -q rdo-release', }
>
>
> package { 'mariadb': ensure => present, }
>
> exec{ 'keystone_database_init':
>
> command=> '/usr/bin/keystone-manage db_sync',
>
> onlyif => [
>
> "/usr/bin/mysql 
> -u$keystone_db_user-p$keystone_db_pass-h$db_host-P$db_port$keystone_db_name-e 
> 'show tables'",
>
> "/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user 
> -p$keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show 
> tables'`\""
>
>         ],
>
> require => Package['mariadb'],
>
>     }
>
>
> class{'::keystone':
>
> admin_token                => $keystone_auth_token,
>
> database_connection        => 
> "mysql://${keystone_db_user}:${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",
>
> debug         => $debug,
>
> enabled         => true,
>
> enable_ssl         => false,
>
> service_name         => 'httpd',# this is a kilo thing
>
> verbose         => $debug,
>
>     }
>
>
> include ::apache
>
> class{ '::keystone::wsgi::apache': ssl=> false, }
>
> class{ '::keystone::roles::admin':
>
> email      => $keystone_admin_email,
>
> password    => $keystone_admin_password,
>
>     }
>
> class{ '::keystone::endpoint':
>
> public_url    => "http://127.0.0.1:5000",
>
> admin_url      => "http://127.0.0.1:35357",
>
> default_domain=> 'admin',
>
>     }
>
> }
>
> Thanks! And Happy New Year to you :)
> Red
>
>
>
> On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi <emilien at redhat.com 
> <mailto:emilien at redhat.com>> wrote:
>
>
>
>     On 11/24/2015 11:21 PM, Russell Cecala wrote:
>     > I am trying to use the OpenStack community puppet modules. 
>     Here's the
>     > keystone module I am using:
>     https://github.com/openstack/puppet-keystone
>     > I am using the stable juno branch.  I have in my puppet manifest
>     for my
>     > controller nodes this resource definition:
>     >
>     >     class { '::keystone::roles::admin':
>     >         admin        => $keystone_admin_user,
>     >         email        => $keystone_admin_email,
>     >         password     => $keystone_admin_password,
>     >     } ->
>     >
>     > And when puppet runs that code I get this error:
>     >
>     >     Error:
>     >
>     /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user at openstack]:
>     > Could not evaluate: Execution of '/usr/bin/openstack domain show
>     > --format shell' returned 2: usage: openstack domain show [-h] [-f
>     > {shell,table,value}] [-c COLUMN]
>     >                                  [--max-width <integer>]
>     [--prefix PREFIX]
>     >                                  <domain>
>     >     openstack domain show: error: too few arguments
>
>     Sounds like an issue with your version of openstackclient, can you
>     provide it?
>
>     >
>     > Can anyone help me?  Are these Puppet modules still being supported?
>
>     Yes :-)
>
>     > Does anyone use them?  Thanks!
>
>     Double yes.
>     --
>     Emilien Macchi
>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160104/de34289a/attachment.html>


More information about the OpenStack-operators mailing list