<div dir="ltr">Hi Emilien,<div><br></div><div><br></div><div>I am trying to use <a href="https://github.com/openstack/puppet-keystone">https://github.com/openstack/puppet-keystone</a> to set up a Kilo keystone node.  I was hoping to could help me out so I can get my team to adopt puppet for setting up OpenStack.</div><div><br></div><div>On my keystone node I am running centos7 with selinux disabled ...</div><div><br></div><div>







<p class="">[root@svl-ost-mgmt-centos-001 ~]# sestatus </p><p class="">SELinux status:                 disabled</p><p class="">... and I have flushed my iptables ...</p><p class=""><br></p><p class="">[root@svl-ost-mgmt-centos-001 ~]# iptables -L</p><p class="">Chain INPUT (policy ACCEPT)</p><p class="">target     prot opt source               destination         </p><p class=""><br></p><p class="">Chain FORWARD (policy ACCEPT)</p><p class="">target     prot opt source               destination         </p><p class=""><br></p><p class="">Chain OUTPUT (policy ACCEPT)</p><p class="">















</p><p class="">target     prot opt source               destination         </p><p class=""><br></p><p class="">Yet when I run "puppet agent -t"  I get these errors:</p><p class=""><br></p><p class="">[root@ost-mgmt-centos-001 ~]# puppet agent -t</p><p class="">Info: Retrieving pluginfacts</p><p class="">Info: Retrieving plugin</p><p class="">Info: Loading facts</p><p class="">Error: NetworkManager is not running.</p><p class="">Info: Caching catalog for <a href="http://ost-mgmt-centos-001.example.com">ost-mgmt-centos-001.example.com</a></p><p class=""><b>Warning: The tenant parameter is deprecated and will be removed in the future. Please use keystone_user_role to assign a user to a project.</b></p><p class=""><b>Warning: The ignore_default_tenant parameter is deprecated and will be removed in the future.</b></p><p class="">Info: Applying configuration version '1451940682'</p><p class=""><b>Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could not evaluate: Execution of '/usr/bin/openstack token issue --format value' returned 1: ERROR: openstack The resource could not be found. (HTTP 404) (Request-ID: req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)</b></p><p class="">Notice: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]: Dependency Keystone_user[admin] has failures: true</p><p class=""><b>Warning: /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]: Skipping because of failed dependencies</b></p><p class="">



















</p><p class="">Notice: Finished catalog run in 12.38 seconds</p><p class="">Here's code I am using on my puppet master ...</p><p class=""><span class="">class</span><span class=""> </span>wrapcontroller<span class="">(</span></p><p class="">








</p><p class="">... big list of parameters I am not using until I can get keystone going ...</p><p class="">) {</p><p class=""><br></p><p class=""><span class="">    </span><span class="">exec</span><span class=""> { </span>'/bin/yum -y install <a href="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm">http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm</a>'<span class="">: </span><span class="">unless</span><span class=""> => </span>'/bin/rpm -q epel-release'<span class="">, }</span></p><p class=""><span class="">    </span><span class="">exec</span><span class=""> { </span>'/bin/yum -y install <a href="http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm">http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm</a>'<span class="">: </span><span class="">unless</span><span class=""> => </span>'/bin/rpm -q rdo-release'<span class="">, }</span></p><p class=""><br></p><p class="">    <span class="">package</span> { <span class="">'mariadb'</span>: <span class="">ensure</span> => <span class="">present</span>, }</p><p class=""><span class="">    </span><span class="">exec</span><span class=""> { </span>'keystone_database_init'<span class="">:</span></p><p class=""><span class="">        </span><span class="">command</span><span class=""> => </span>'/usr/bin/keystone-manage db_sync'<span class="">,</span></p><p class="">        <span class="">onlyif</span> => [</p><p class=""><span class="">            </span><span class="">"/usr/bin/mysql -u</span>$keystone_db_user<span class=""> -p</span>$keystone_db_pass<span class=""> -h</span>$db_host<span class=""> -P</span>$db_port<span class=""> </span>$keystone_db_name<span class=""> -e 'show tables'"</span><span class="">,</span></p><p class=""><span class="">            </span>"/usr/bin/test -z \"`/usr/bin/mysql -u<span class="">$keystone_db_user</span> -p<span class="">$keystone_db_pass</span> -h<span class="">$db_host</span> -P<span class="">$db_port</span> <span class="">$keystone_db_name</span> -e 'show tables'`\""</p><p class="">        ],</p><p class="">        <span class="">require</span> => <span class="">Package</span>[<span class="">'mariadb'</span>],</p><p class="">    }</p><p class=""><br></p><p class=""><span class="">    </span><span class="">class</span><span class=""> {</span>'::keystone'<span class="">:</span></p><p class=""><span class="">        </span>admin_token<span class="">                => </span>$keystone_auth_token<span class="">,</span></p><p class=""><span class="">        </span>database_connection<span class="">        => </span><span class="">"mysql://</span>${keystone_db_user}<span class="">:</span>${keystone_db_pass}<span class="">@</span>${db_host}<span class="">:</span>${db_port}<span class="">/</span>${keystone_db_name}<span class="">"</span><span class="">,</span></p><p class="">        <span class="">debug</span>                      => <span class="">$debug</span>,</p><p class="">        <span class="">enabled</span>                    => <span class="">true</span>,</p><p class="">        <span class="">enable_ssl</span>                 => <span class="">false</span>,</p><p class="">        <span class="">service_name</span>               => <span class="">'httpd'</span>,<span class=""> # this is a kilo thing</span></p><p class="">        <span class="">verbose</span>                    => <span class="">$debug</span>,</p><p class="">    }</p><p class=""><br></p><p class="">    <span class="">include</span> ::apache</p><p class=""><span class="">    </span><span class="">class</span><span class=""> { </span>'::keystone::wsgi::apache'<span class="">: </span><span class="">ssl</span><span class=""> => </span><span class="">false</span><span class="">, }</span></p><p class=""><span class="">    </span><span class="">class</span><span class=""> { </span>'::keystone::roles::admin'<span class="">:</span></p><p class=""><span class="">       </span>email<span class="">        => </span>$keystone_admin_email<span class="">,</span></p><p class=""><span class="">       </span>password<span class="">     => </span>$keystone_admin_password<span class="">,</span></p><p class="">    }</p><p class=""><span class="">    </span><span class="">class</span><span class=""> { </span>'::keystone::endpoint'<span class="">:</span></p><p class=""><span class="">       </span><span class="">public_url</span><span class="">     => </span>"<a href="http://127.0.0.1:5000">http://127.0.0.1:5000</a>"<span class="">,</span></p><p class=""><span class="">       </span><span class="">admin_url</span><span class="">      => </span>"<a href="http://127.0.0.1:35357">http://127.0.0.1:35357</a>"<span class="">,</span></p><p class=""><span class="">       </span>default_domain<span class=""> => </span><span class="">'admin'</span><span class="">,</span></p><p class="">    }</p><p class="">











































</p><p class="">}</p></div><div>Thanks! And Happy New Year to you :)</div><div>Red</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi <span dir="ltr"><<a href="mailto:emilien@redhat.com" target="_blank">emilien@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 11/24/2015 11:21 PM, Russell Cecala wrote:<br>
> I am trying to use the OpenStack community puppet modules.  Here's the<br>
> keystone module I am using:  <a href="https://github.com/openstack/puppet-keystone" rel="noreferrer" target="_blank">https://github.com/openstack/puppet-keystone</a><br>
> I am using the stable juno branch.  I have in my puppet manifest for my<br>
> controller nodes this resource definition:<br>
><br>
>     class { '::keystone::roles::admin':<br>
>         admin        => $keystone_admin_user,<br>
>         email        => $keystone_admin_email,<br>
>         password     => $keystone_admin_password,<br>
>     } -><br>
><br>
> And when puppet runs that code I get this error:<br>
><br>
>     Error:<br>
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user@openstack]:<br>
> Could not evaluate: Execution of '/usr/bin/openstack domain show<br>
> --format shell' returned 2: usage: openstack domain show [-h] [-f<br>
> {shell,table,value}] [-c COLUMN]<br>
>                                  [--max-width <integer>] [--prefix PREFIX]<br>
>                                  <domain><br>
>     openstack domain show: error: too few arguments<br>
<br>
</span>Sounds like an issue with your version of openstackclient, can you<br>
provide it?<br>
<span class=""><br>
><br>
> Can anyone help me?  Are these Puppet modules still being supported?<br>
<br>
</span>Yes :-)<br>
<span class=""><br>
> Does anyone use them?  Thanks!<br>
<br>
</span>Double yes.<br>
<span class="HOEnZb"><font color="#888888">--<br>
Emilien Macchi<br>
<br>
</font></span></blockquote></div><br></div>