[Openstack-operators] OpenStack Puppet module Keystone Juno

Rich Megginson rmeggins at redhat.com
Mon Jan 4 23:22:28 UTC 2016


On 01/04/2016 03:07 PM, Russell Cecala wrote:
> Thank you for the reply Rich,
>
> Here are the versions of my puppet modules:
>
> [root at ost-puppet-centos-001 keystone]# puppet module list
> /etc/puppetlabs/puppet/environments/production/modules
> ├── nanliu-staging (v1.0.3)
> ├── openstack-keystone (v6.1.0)
> ├── openstack-openstacklib (v6.1.0)
> ├── puppetlabs-apache (v1.7.0)
> ├── puppetlabs-apt (v1.8.0)
> ├── puppetlabs-concat (v1.2.4)
> ├── puppetlabs-firewall (v1.7.1)
> ├── puppetlabs-inifile (v1.4.2)
> ├── puppetlabs-mysql (v3.6.1)
> ├── puppetlabs-postgresql (v3.4.2)
> ├── puppetlabs-rabbitmq (v5.3.1)
> └── puppetlabs-stdlib (v4.9.0)
> /etc/puppetlabs/puppet/modules
> ├── cisco-gis-openstack (???)
> ├── haproxy (???)
> ├── keepalived (???)
> ├── mikduart-unnamed (v0.1.0)
> ├── mikduart-unnamed (v0.1.0)
> ├── mikduart-unnamed (v0.1.0)
> ├── puppetlabs-mongodb (v0.10.0)
> ├── saz-memcached (v2.4.0)
> ├── setup_mariadb_script (???)
> ├── sysctl (???)
> └── wrapmongodb (???)
> /opt/puppet/share/puppet/modules
> ├── puppetlabs-pe_accounts (v2.0.2-8-g8acc04e)
> ├── puppetlabs-pe_concat (v1.1.2-4-g2b7bba2)
> ├── puppetlabs-pe_console_prune (v0.1.1-4-g293f45b)
> ├── puppetlabs-pe_inifile (v1.1.4-16-gcb39966)
> ├── puppetlabs-pe_java_ks (v1.2.4-35-g44fbb26)
> ├── puppetlabs-pe_postgresql (v3.4.4-15-g32e56ed)
> ├── puppetlabs-pe_razor (v0.2.1-9-g8d78ec2)
> ├── puppetlabs-pe_repo (v0.7.7-59-g4514315)
> ├── puppetlabs-pe_staging (v0.3.3-6-gbd9db2b)
> └── puppetlabs-puppet_enterprise (v3.7.1-117-g9c48e73)
>
>
> I am not sure I have the right values in my openrc but I have been using:
>
>
> # cat openrc.localhost
> export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
> export OS_PASSWORD=xxxxxxxxxxxxxxxx
> export OS_TENANT_NAME=admin
> export OS_USERNAME=admin
>

Is this sourced into the environment where puppet is running?  It should 
not be.

>
> I believe this is the openstackclient version I am using:
>
>
> [root at ost-mgmt-centos-001 ~]# rpm -qa | grep openstackclient
>
> python-openstackclient-1.0.3-2.el7.noarch
>
>
> On Mon, Jan 4, 2016 at 1:19 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>     On 01/04/2016 02:06 PM, Russell Cecala wrote:
>>     Hi Emilien,
>>
>>
>>     I am trying to use https://github.com/openstack/puppet-keystone
>>     to set up a Kilo keystone node.
>
>     I'm assuming you're using the kilo branch there?
>
>>     I was hoping you could help me out so I can get my team to adopt
>>     puppet for setting up OpenStack.
>>
>>     On my keystone node I am running centos7 with selinux disabled ...
>
>     What version of openstackclient are you using?
>
>     Do you have a $HOME/openrc or /root/openrc, or are you otherwise
>     defining OS_* environment variables in the environment before
>     running puppet?
>
>>
>>     [root at svl-ost-mgmt-centos-001 ~]# sestatus
>>
>>     SELinux status:                 disabled
>>
>>     ... and I have flushed my iptables ...
>>
>>
>>     [root at svl-ost-mgmt-centos-001 ~]# iptables -L
>>
>>     Chain INPUT (policy ACCEPT)
>>
>>     target     prot opt source destination
>>
>>
>>     Chain FORWARD (policy ACCEPT)
>>
>>     target     prot opt source destination
>>
>>
>>     Chain OUTPUT (policy ACCEPT)
>>
>>     target     prot opt source destination
>>
>>
>>     Yet when I run "puppet agent -t"  I get these errors:
>>
>>
>>     [root at ost-mgmt-centos-001 ~]# puppet agent -t
>>
>>     Info: Retrieving pluginfacts
>>
>>     Info: Retrieving plugin
>>
>>     Info: Loading facts
>>
>>     Error: NetworkManager is not running.
>>
>>     Info: Caching catalog for ost-mgmt-centos-001.example.com
>>
>>     *Warning: The tenant parameter is deprecated and will be removed
>>     in the future. Please use keystone_user_role to assign a user to
>>     a project.*
>>
>>     *Warning: The ignore_default_tenant parameter is deprecated and
>>     will be removed in the future.*
>>
>>     Info: Applying configuration version '1451940682'
>>
>>     *Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]:
>>     Could not evaluate: Execution of '/usr/bin/openstack token issue
>>     --format value' returned 1: ERROR: openstack The resource could
>>     not be found. (HTTP 404) (Request-ID:
>>     req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*
>>

This usually indicates that it is trying to ensure that the user 
"admin" exists but the password is incorrect.  That is, the class { 
'::keystone::roles::admin': password => $keystone_admin_password 
is not correct.

If you are sure it is correct, then it could be a mismatch between the 
identity api version used by the puppet module and the one specified in 
the environment.  Check the keystone access logs to see what URL this is 
trying to access - something with /token or /tokens, or something with 
/auth/token or /auth/tokens.

>
>>     Notice:
>>     /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
>>     Dependency Keystone_user[admin] has failures: true
>>
>>     *Warning:
>>     /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
>>     Skipping because of failed dependencies*
>>
>>     Notice: Finished catalog run in 12.38 seconds
>>
>>     Here's code I am using on my puppet master ...
>>
>>     class wrapcontroller (
>>
>>       # ... big list of parameters I am not using until I can get
>>       # keystone going ...
>>
>>     ) {
>>
>>       exec { '/bin/yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm':
>>         unless => '/bin/rpm -q epel-release',
>>       }
>>
>>       exec { '/bin/yum -y install http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm':
>>         unless => '/bin/rpm -q rdo-release',
>>       }
>>
>>       package { 'mariadb': ensure => present, }
>>
>>       exec { 'keystone_database_init':
>>         command => '/usr/bin/keystone-manage db_sync',
>>         onlyif  => [
>>           "/usr/bin/mysql -u$keystone_db_user -p$keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show tables'",
>>           "/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user -p$keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show tables'`\"",
>>         ],
>>         require => Package['mariadb'],
>>       }
>>
>>       class { '::keystone':
>>         admin_token         => $keystone_auth_token,
>>         database_connection => "mysql://${keystone_db_user}:${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",
>>         debug               => $debug,
>>         enabled             => true,
>>         enable_ssl          => false,
>>         service_name        => 'httpd', # this is a kilo thing
>>         verbose             => $debug,
>>       }
>>
>>       include ::apache
>>
>>       class { '::keystone::wsgi::apache': ssl => false, }
>>
>>       class { '::keystone::roles::admin':
>>         email    => $keystone_admin_email,
>>         password => $keystone_admin_password,
>>       }
>>
>>       class { '::keystone::endpoint':
>>         public_url     => "http://127.0.0.1:5000",
>>         admin_url      => "http://127.0.0.1:35357",
>>         default_domain => 'admin',
>>       }
>>     }
>>
>>     Thanks! And Happy New Year to you :)
>>     Red
>>
>>
>>
>>     On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi
>>     <emilien at redhat.com> wrote:
>>
>>
>>
>>         On 11/24/2015 11:21 PM, Russell Cecala wrote:
>>         > I am trying to use the OpenStack community puppet modules.  Here's the
>>         > keystone module I am using: https://github.com/openstack/puppet-keystone
>>         > I am using the stable juno branch.  I have in my puppet manifest for my
>>         > controller nodes this resource definition:
>>         >
>>         >     class { '::keystone::roles::admin':
>>         >         admin        => $keystone_admin_user,
>>         >         email        => $keystone_admin_email,
>>         >         password     => $keystone_admin_password,
>>         >     } ->
>>         >
>>         > And when puppet runs that code I get this error:
>>         >
>>         >     Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user at openstack]:
>>         > Could not evaluate: Execution of '/usr/bin/openstack domain show
>>         > --format shell' returned 2: usage: openstack domain show [-h] [-f
>>         > {shell,table,value}] [-c COLUMN]
>>         > [--max-width <integer>] [--prefix PREFIX]
>>         > <domain>
>>         >     openstack domain show: error: too few arguments
>>
>>         Sounds like an issue with your version of openstackclient, can you
>>         provide it?
>>
>>         >
>>         > Can anyone help me?  Are these Puppet modules still being supported?
>>
>>         Yes :-)
>>
>>         > Does anyone use them?  Thanks!
>>
>>         Double yes.
>>         --
>>         Emilien Macchi
>>
>>
>>
>>
>>     _______________________________________________
>>     OpenStack-operators mailing list
>>     OpenStack-operators at lists.openstack.org
>>     <mailto:OpenStack-operators at lists.openstack.org>
>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
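
The two checks suggested in this reply (are OS_* variables present in the environment puppet runs in, and which token URL appears in the keystone access log), as an added example that is not part of the original thread. It assumes Apache common/combined log lines with Keystone served at the root of the vhost; the sample log lines, the sample environment and the function names are constructed for illustration.

```python
import re

# Apache common/combined format: ... "METHOD PATH PROTO" STATUS SIZE ...
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Optional version prefix, then the v3-style (/auth/tokens) or v2.0-style (/tokens) call.
TOKEN_RE = re.compile(
    r'^(?:/(?P<prefix>v2\.0|v3))?(?P<call>/auth/tokens?|/tokens?)/?(?:\?.*)?$')

def os_vars(environ):
    """Names (never values) of OS_* variables that puppet would inherit."""
    return sorted(k for k in environ if k.startswith("OS_"))

def token_requests(lines):
    """Return (url_prefix, call_style, http_status) for each token request."""
    found = []
    for line in lines:
        req = REQUEST_RE.search(line)
        tok = TOKEN_RE.match(req.group("path")) if req else None
        if not tok:
            continue
        style = "v3" if tok.group("call").startswith("/auth/") else "v2.0"
        found.append((tok.group("prefix"), style, int(req.group("status"))))
    return found

def mismatches(lines):
    """Token requests whose URL prefix disagrees with the call style, or that 404."""
    return [r for r in token_requests(lines) if r[0] != r[1] or r[2] == 404]

# Constructed samples, not taken from the poster's system.
SAMPLE_ENV = {"PATH": "/usr/bin", "OS_AUTH_URL": "http://127.0.0.1:5000/v2.0",
              "OS_USERNAME": "admin", "OS_TENANT_NAME": "admin",
              "OS_PASSWORD": "placeholder"}
SAMPLE_LOG = [
    '127.0.0.1 - - [04/Jan/2016:20:51:22 +0000] "POST /v2.0/tokens HTTP/1.1" 200 3421 "-" "-"',
    '127.0.0.1 - - [04/Jan/2016:20:51:30 +0000] "POST /v2.0/auth/tokens HTTP/1.1" 404 93 "-" "-"',
    '127.0.0.1 - - [04/Jan/2016:20:51:31 +0000] "GET /v3/users HTTP/1.1" 200 512 "-" "-"',
    '127.0.0.1 - - [04/Jan/2016:20:51:40 +0000] "POST /v3/auth/tokens HTTP/1.1" 201 5120 "-" "-"',
]

if __name__ == "__main__":
    print("OS_* variables in environment:", os_vars(SAMPLE_ENV))
    for prefix, style, status in mismatches(SAMPLE_LOG):
        print(f"prefix={prefix or 'none'} call style={style} status={status}")
```

To check a real host, pass `os.environ` to `os_vars` in the shell that launches puppet and feed `token_requests` the lines of the keystone vhost's access log.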
