<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 01/04/2016 03:07 PM, Russell Cecala
wrote:<br>
</div>
<blockquote
cite="mid:CAHu+3OxyFD8NpLsA0eXeXeMiKG2zN_3O-LcWDU_1J-Z6XrNwsw@mail.gmail.com"
type="cite">
<div dir="ltr">Thank you for the reply Rich,
<div><br>
</div>
<div>Here are the versions of my puppet modules:</div>
<div><br>
</div>
<div>
<p class="">[root@ost-puppet-centos-001 keystone]# puppet
module list </p>
<p class="">/etc/puppetlabs/puppet/environments/production/modules</p>
<p class="">├── nanliu-staging (<span class="">v1.0.3</span>)</p>
<p class="">├── openstack-keystone (<span class="">v6.1.0</span>)</p>
<p class="">├── openstack-openstacklib (<span class="">v6.1.0</span>)</p>
<p class="">├── puppetlabs-apache (<span class="">v1.7.0</span>)</p>
<p class="">├── puppetlabs-apt (<span class="">v1.8.0</span>)</p>
<p class="">├── puppetlabs-concat (<span class="">v1.2.4</span>)</p>
<p class="">├── puppetlabs-firewall (<span class="">v1.7.1</span>)</p>
<p class="">├── puppetlabs-inifile (<span class="">v1.4.2</span>)</p>
<p class="">├── puppetlabs-mysql (<span class="">v3.6.1</span>)</p>
<p class="">├── puppetlabs-postgresql (<span class="">v3.4.2</span>)</p>
<p class="">├── puppetlabs-rabbitmq (<span class="">v5.3.1</span>)</p>
<p class="">└── puppetlabs-stdlib (<span class="">v4.9.0</span>)</p>
<p class="">/etc/puppetlabs/puppet/modules</p>
<p class="">├── cisco-gis-openstack (<span class="">???</span>)</p>
<p class="">├── haproxy (<span class="">???</span>)</p>
<p class="">├── keepalived (<span class="">???</span>)</p>
<p class="">├── mikduart-unnamed (<span class="">v0.1.0</span>)</p>
<p class="">├── mikduart-unnamed (<span class="">v0.1.0</span>)</p>
<p class="">├── mikduart-unnamed (<span class="">v0.1.0</span>)</p>
<p class="">├── puppetlabs-mongodb (<span class="">v0.10.0</span>)</p>
<p class="">├── saz-memcached (<span class="">v2.4.0</span>)</p>
<p class="">├── setup_mariadb_script (<span class="">???</span>)</p>
<p class="">├── sysctl (<span class="">???</span>)</p>
<p class="">└── wrapmongodb (<span class="">???</span>)</p>
<p class="">/opt/puppet/share/puppet/modules</p>
<p class="">├── puppetlabs-pe_accounts (<span class="">v2.0.2-8-g8acc04e</span>)</p>
<p class="">├── puppetlabs-pe_concat (<span class="">v1.1.2-4-g2b7bba2</span>)</p>
<p class="">├── puppetlabs-pe_console_prune (<span class="">v0.1.1-4-g293f45b</span>)</p>
<p class="">├── puppetlabs-pe_inifile (<span class="">v1.1.4-16-gcb39966</span>)</p>
<p class="">├── puppetlabs-pe_java_ks (<span class="">v1.2.4-35-g44fbb26</span>)</p>
<p class="">├── puppetlabs-pe_postgresql (<span class="">v3.4.4-15-g32e56ed</span>)</p>
<p class="">├── puppetlabs-pe_razor (<span class="">v0.2.1-9-g8d78ec2</span>)</p>
<p class="">├── puppetlabs-pe_repo (<span class="">v0.7.7-59-g4514315</span>)</p>
<p class="">├── puppetlabs-pe_staging (<span class="">v0.3.3-6-gbd9db2b</span>)</p>
<p class="">└── puppetlabs-puppet_enterprise (<span class="">v3.7.1-117-g9c48e73</span>)</p>
<p class=""><br>
</p>
<p class="">I am not sure I have the right values in my openrc
but I have been using:</p>
<p class=""><br>
</p>
<p class=""># cat openrc.localhost </p>
<p class="">export OS_AUTH_URL=<a moz-do-not-send="true"
href="http://127.0.0.1:5000/v2.0">http://127.0.0.1:5000/v2.0</a></p>
<p class="">export OS_PASSWORD=xxxxxxxxxxxxxxxx</p>
<p class="">export OS_TENANT_NAME=admin</p>
<p class="">
</p>
<p class="">export OS_USERNAME=admin</p>
</div>
</div>
</blockquote>
<br>
Is this sourced into the environment where puppet is running? It
should not be.<br>
<br>
<blockquote
cite="mid:CAHu+3OxyFD8NpLsA0eXeXeMiKG2zN_3O-LcWDU_1J-Z6XrNwsw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<p class=""><br>
</p>
<p class="">I believe this is the openstackclient version I am
using:</p>
<p class=""><br>
</p>
<p class="">[root@ost-mgmt-centos-001 ~]# rpm -qa | grep
openstackclient</p>
<p class="">
</p>
<p class="">python-<span class=""><b>openstackclient</b></span>-1.0.3-2.el7.noarch</p>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jan 4, 2016 at 1:19 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 01/04/2016 02:06 PM, Russell Cecala wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Emilien,
<div><br>
</div>
<div><br>
</div>
<div>I am trying to use <a moz-do-not-send="true"
href="https://github.com/openstack/puppet-keystone"
target="_blank">https://github.com/openstack/puppet-keystone</a>
to set up a Kilo keystone node.</div>
</div>
</blockquote>
<br>
</span> I'm assuming you're using the kilo branch there?<span
class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>I was hoping to could help me out so I can get
my team to adopt puppet for setting up OpenStack.</div>
<div><br>
</div>
<div>On my keystone node I am running centos7 with
selinux disabled ...</div>
</div>
</blockquote>
<br>
</span> What version of openstackclient are you using?<br>
<br>
Do you have a $HOME/openrc or /root/openrc, or are you
otherwise defining OS_* environment variables in the
environment before running puppet?<br>
<br>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div><br>
</div>
<div>
<p>[root@svl-ost-mgmt-centos-001 ~]# sestatus </p>
<p>SELinux status: disabled</p>
<p>... and I have flushed my iptables ...</p>
<p><br>
</p>
<p>[root@svl-ost-mgmt-centos-001 ~]# iptables -L</p>
<p>Chain INPUT (policy ACCEPT)</p>
<p>target prot opt source
destination </p>
<p><br>
</p>
<p>Chain FORWARD (policy ACCEPT)</p>
<p>target prot opt source
destination </p>
<p><br>
</p>
<p>Chain OUTPUT (policy ACCEPT)</p>
<p> </p>
<p>target prot opt source
destination </p>
<p><br>
</p>
<p>Yet when I run "puppet agent -t" I get these
errors:</p>
<p><br>
</p>
<p>[root@ost-mgmt-centos-001 ~]# puppet agent -t</p>
<p>Info: Retrieving pluginfacts</p>
<p>Info: Retrieving plugin</p>
<p>Info: Loading facts</p>
<p>Error: NetworkManager is not running.</p>
<p>Info: Caching catalog for <a
moz-do-not-send="true"
href="http://ost-mgmt-centos-001.example.com"
target="_blank">ost-mgmt-centos-001.example.com</a></p>
<p><b>Warning: The tenant parameter is
deprecated and will be removed in the
future. Please use keystone_user_role to
assign a user to a project.</b></p>
<p><b>Warning: The ignore_default_tenant
parameter is deprecated and will be removed
in the future.</b></p>
<p>Info: Applying configuration version
'1451940682'</p>
<p><b>Error:
/Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]:
Could not evaluate: Execution of
'/usr/bin/openstack token issue --format
value' returned 1: ERROR: openstack The
resource could not be found. (HTTP 404)
(Request-ID:
req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)</b></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
<b>This usually indicates that it is trying to ensure that the user
"admin" exists but the password is incorrect. That is, the class
{ '::keystone::roles::admin': password =>
$keystone_admin_password is not correct.<br>
<br>
If you are sure it is correct, then it could be a mismatch between
the identity api version used by the puppet module and the one
specified in the environment. Check the keystone access logs to
see what URL this is trying to access - something with /token or
/tokens, or something with /auth/token or /auth/tokens<br>
<br>
</b>
<blockquote
cite="mid:CAHu+3OxyFD8NpLsA0eXeXeMiKG2zN_3O-LcWDU_1J-Z6XrNwsw@mail.gmail.com"
type="cite">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>
<p>Notice:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
Dependency Keystone_user[admin] has failures:
true</p>
<p><b>Warning:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
Skipping because of failed dependencies</b></p>
<p> </p>
<p>Notice: Finished catalog run in 12.38 seconds</p>
<p>Here's code I am using on my puppet master
...</p>
<p><span>class</span><span> </span>wrapcontroller<span>(</span></p>
<p> </p>
<p>... big list of parameters I am not using
until I can get keystone going ...</p>
<p>) {</p>
<p><br>
</p>
<p><span> </span><span>exec</span><span> { </span>'/bin/yum
-y install <a moz-do-not-send="true"
href="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm"
target="_blank">http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm</a>'<span>:
</span><span>unless</span><span> => </span>'/bin/rpm
-q epel-release'<span>, }</span></p>
<p><span> </span><span>exec</span><span> { </span>'/bin/yum
-y install <a moz-do-not-send="true"
href="http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm"
target="_blank">http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm</a>'<span>:
</span><span>unless</span><span> => </span>'/bin/rpm
-q rdo-release'<span>, }</span></p>
<p><br>
</p>
<p> <span>package</span> { <span>'mariadb'</span>:
<span>ensure</span> => <span>present</span>,
}</p>
<p><span> </span><span>exec</span><span> { </span>'keystone_database_init'<span>:</span></p>
<p><span> </span><span>command</span><span>
=> </span>'/usr/bin/keystone-manage
db_sync'<span>,</span></p>
<p> <span>onlyif</span> => [</p>
<p><span> </span><span>"/usr/bin/mysql
-u</span>$keystone_db_user<span> -p</span>$keystone_db_pass<span>
-h</span>$db_host<span> -P</span>$db_port<span>
</span>$keystone_db_name<span> -e 'show
tables'"</span><span>,</span></p>
<p><span> </span>"/usr/bin/test -z
\"`/usr/bin/mysql -u<span>$keystone_db_user</span>
-p<span>$keystone_db_pass</span> -h<span>$db_host</span>
-P<span>$db_port</span> <span>$keystone_db_name</span>
-e 'show tables'`\""</p>
<p> ],</p>
<p> <span>require</span> => <span>Package</span>[<span>'mariadb'</span>],</p>
<p> }</p>
<p><br>
</p>
<p><span> </span><span>class</span><span> {</span>'::keystone'<span>:</span></p>
<p><span> </span>admin_token<span>
=> </span>$keystone_auth_token<span>,</span></p>
<p><span> </span>database_connection<span>
=> </span><span>"mysql://</span>${keystone_db_user}<span>:</span>${keystone_db_pass}<span>@</span>${db_host}<span>:</span>${db_port}<span>/</span>${keystone_db_name}<span>"</span><span>,</span></p>
<p> <span>debug</span>
=> <span>$debug</span>,</p>
<p> <span>enabled</span>
=> <span>true</span>,</p>
<p> <span>enable_ssl</span>
=> <span>false</span>,</p>
<p> <span>service_name</span>
=> <span>'httpd'</span>,<span> # this
is a kilo thing</span></p>
<p> <span>verbose</span>
=> <span>$debug</span>,</p>
<p> }</p>
<p><br>
</p>
<p> <span>include</span> ::apache</p>
<p><span> </span><span>class</span><span> {
</span>'::keystone::wsgi::apache'<span>: </span><span>ssl</span><span>
=> </span><span>false</span><span>, }</span></p>
<p><span> </span><span>class</span><span> {
</span>'::keystone::roles::admin'<span>:</span></p>
<p><span> </span>email<span> =>
</span>$keystone_admin_email<span>,</span></p>
<p><span> </span>password<span> =>
</span>$keystone_admin_password<span>,</span></p>
<p> }</p>
<p><span> </span><span>class</span><span> {
</span>'::keystone::endpoint'<span>:</span></p>
<p><span> </span><span>public_url</span><span>
=> </span>"<a moz-do-not-send="true"
href="http://127.0.0.1:5000" target="_blank">http://127.0.0.1:5000</a>"<span>,</span></p>
<p><span> </span><span>admin_url</span><span>
=> </span>"<a moz-do-not-send="true"
href="http://127.0.0.1:35357"
target="_blank">http://127.0.0.1:35357</a>"<span>,</span></p>
<p><span> </span>default_domain<span>
=> </span><span>'admin'</span><span>,</span></p>
<p> }</p>
<p> </p>
<p>}</p>
</div>
<div>Thanks! And Happy New Year to you :)</div>
<div>Red</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 24, 2015 at
2:38 PM, Emilien Macchi <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:emilien@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:emilien@redhat.com">emilien@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"><span><br>
<br>
On 11/24/2015 11:21 PM, Russell Cecala
wrote:<br>
> I am trying to use the OpenStack
community puppet modules. Here's the<br>
> keystone module I am using: <a
moz-do-not-send="true"
href="https://github.com/openstack/puppet-keystone"
target="_blank"><a class="moz-txt-link-freetext" href="https://github.com/openstack/puppet-keystone">https://github.com/openstack/puppet-keystone</a></a><br>
> I am using the stable juno branch. I
have in my puppet manifest for my<br>
> controller nodes this resource
definition:<br>
><br>
> class { '::keystone::roles::admin':<br>
> admin =>
$keystone_admin_user,<br>
> email =>
$keystone_admin_email,<br>
> password =>
$keystone_admin_password,<br>
> } -><br>
><br>
> And when puppet runs that code I get
this error:<br>
><br>
> Error:<br>
>
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user@openstack]:<br>
> Could not evaluate: Execution of
'/usr/bin/openstack domain show<br>
> --format shell' returned 2: usage:
openstack domain show [-h] [-f<br>
> {shell,table,value}] [-c COLUMN]<br>
>
[--max-width <integer>] [--prefix
PREFIX]<br>
>
<domain><br>
> openstack domain show: error: too
few arguments<br>
<br>
</span>Sounds like an issue with your version
of openstackclient, can you<br>
provide it?<br>
<span><br>
><br>
> Can anyone help me? Are these Puppet
modules still being supported?<br>
<br>
</span>Yes :-)<br>
<span><br>
> Does anyone use them? Thanks!<br>
<br>
</span>Double yes.<br>
<span><font color="#888888">--<br>
Emilien Macchi<br>
<br>
</font></span></blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<span class="">
<pre>_______________________________________________
OpenStack-operators mailing list
<a moz-do-not-send="true" href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a>
<a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a>
</pre>
</span></blockquote>
<br>
</div>
<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a moz-do-not-send="true"
href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>