<div dir="ltr">Thanks for helping out.  I hope that I am not being too much of a pest, but I really want my group to adopt the Openstack community's puppet modules for deploying Openstack.  Now that I have keystone working on one node I want to expand on that.  I have an HAProxy cluster and I have a signed certificate.  I want to use ssl and use my HAProxy cluster.  I assume that I need to change my POC puppet manifest like so ... <div><br></div><div><span class="im" style="font-size:12.8px"><p>class { '::keystone::endpoint':</p><p>       public_url     => "https://${controller_vip_name}<a href="http://127.0.0.1:5000/" target="_blank">:5000</a>",</p><p>       admin_url      => "<span style="font-size:12.8px">https://</span><span style="font-size:12.8px">${controller_vip_name}</span><a href="http://127.0.0.1:35357/" target="_blank" style="font-size:12.8px">:35357</a><span style="font-size:12.8px">"</span><span style="font-size:12.8px">,</span></p></span><p style="font-size:12.8px">       internal_url     => "<span style="color:rgb(80,0,80);font-size:12.8px">https://</span><span style="color:rgb(80,0,80);font-size:12.8px">${controller_vip_name}</span><a href="http://127.0.0.1:5000/" target="_blank" style="font-size:12.8px">:5000</a><span style="font-size:12.8px">"</span><span style="font-size:12.8px">,</span></p><p style="font-size:12.8px">       region         => 'example-1',</p><p style="font-size:12.8px">    }</p><p style="font-size:12.8px">Where $<span style="color:rgb(80,0,80);font-size:12.8px">controller_vip_name</span><span style="font-size:12.8px"> is the hostname (or IP address) of the virtual interface for my HAProxy </span></p><p style="font-size:12.8px"><span style="font-size:12.8px"><br></span></p><p style="font-size:12.8px"><span style="font-size:12.8px">In my haproxy.cfg I have these lines:</span></p><p style="font-size:12.8px"><span style="font-size:small">frontend keystone-admin-vip</span><br></p><p class="">  bind <a href="http://10.29.103.39:35357">10.29.103.39:35357</a> ssl crt /etc/haproxy/<a href="http://svl-ost-el7.cisco.com">svl-ost-el7.cisco.com</a> no-sslv3 ciphers AES128-SHA:AES256-SHA</p><p class="">  default_backend  keystone-admin-api</p><p class=""><br></p><p class="">frontend keystone-public-vip</p><p class="">  bind <a href="http://10.29.103.39:5000">10.29.103.39:5000</a> ssl crt /etc/haproxy/<a href="http://svl-ost-el7.cisco.com">svl-ost-el7.cisco.com</a> no-sslv3 ciphers AES128-SHA:AES256-SHA</p><p style="font-size:12.8px">













</p><p class="">  default_backend  keystone-public-api</p><p class="">So I guess my question is, "Is there any thing else I need to do besides changing the values I pass to my <span style="color:rgb(80,0,80);font-size:12.8px">keystone::endpoint resource?".</span></p><p class=""><span style="color:rgb(80,0,80);font-size:12.8px"><br></span></p><p class=""><span style="color:rgb(80,0,80);font-size:12.8px">Thanks!</span></p></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 8, 2016 at 10:13 AM, Russell Cecala <span dir="ltr"><<a href="mailto:red.cricket.blog@gmail.com" target="_blank">red.cricket.blog@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">oops.  I figured it out ...<div><br></div><div>







<p>MariaDB [keystone_db_name]> select * from project;</p>
<p>+----------------------------------+-----------+-------+-----------------------------------+---------+-----------+-----------+</p>
<p>| id                               | name      | extra | description                       | enabled | domain_id | parent_id |</p>
<p>+----------------------------------+-----------+-------+-----------------------------------+---------+-----------+-----------+</p>
<p>| af4e7a8966fb4665aaac22a8b9687c8f | openstack | {}    | admin tenant                      |       1 | default   | NULL      |</p>
<p>| b83b33cc7d314181af50a2a80c995b0c | services  | {}    | Tenant for the openstack services |       1 | default   | NULL      |</p>
<p>+----------------------------------+-----------+-------+-----------------------------------+---------+-----------+-----------+</p>
<p><b>2 rows in set (0.01 sec)</b></p>
<p><br></p>
<p>MariaDB [keystone_db_name]> quit</p>
<p><b>Bye</b></p>
<p>[root@ost-services-centos-001 ~]# exit</p>
<p>logout</p>
<p>Connection to ost-services-centos-001 closed.</p>
<p>[root@ost-mgmt-centos-001 ~]# openstack --os-auth-url <a href="http://127.0.0.1:35357" target="_blank">http://127.0.0.1:35357</a>    --os-project-name openstack --os-username admin --os-auth-type password   token issue</p>
<p>Password: </p>
<p>+------------+----------------------------------+</p>
<p>| Field      | Value                            |</p>
<p>+------------+----------------------------------+</p>
<p>| expires    | 2016-01-08T19:12:14Z             |</p>
<p>| id         | 581a5c2e8a074740a510cbadebf17815 |</p>
<p>| project_id | af4e7a8966fb4665aaac22a8b9687c8f |</p>
<p>| user_id    | b3f1f4bcfb114559a05378bd6ce39e55 |</p>
<p>+------------+----------------------------------+</p></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 8, 2016 at 10:09 AM, Russell Cecala <span dir="ltr"><<a href="mailto:red.cricket.blog@gmail.com" target="_blank">red.cricket.blog@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Rich,  <div><br></div><div>Thanks for all your help so far.  </div><div>I am getting clean puppet runs (I still get depreciation warnings) but "puppet agent -t" is running without error now:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span><div><p>[root@ost-mgmt-centos-001 ~]# puppet agent -t</p></div><div><p>Info: Retrieving pluginfacts</p></div><div><p>Info: Retrieving plugin</p></div><div><p>Info: Loading facts</p></div><div><p>Error: NetworkManager is not running.</p></div><div><p>Info: Caching catalog for <a href="http://ost-mgmt-centos-001.example.com" target="_blank">ost-mgmt-centos-001.example.com</a></p></div><div><p><b>Warning: The tenant parameter is deprecated and will be removed in the future. Please use keystone_user_role to assign a user to a project.</b></p></div><div><p><b>Warning: The ignore_default_tenant parameter is deprecated and will be removed in the future.</b></p></div></span><div><p>Info: Applying configuration version '1452275612'</p></div><div><p>Notice: /Stage[main]/Wrapcontroller/Exec[/usr/bin/curl <a href="http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo" target="_blank">http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo</a> | /usr/bin/tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin]/returns: executed successfully</p></div><div><p>Notice: Finished catalog run in 11.53 seconds</p></div></blockquote><div><br></div><div>Here is the puppet module I am using currently:</div><div><br></div><div>







<p><span>class</span><span> </span>wrapcontroller<span>(</span></p><p><span>... long list of parameters I am not using yet ...</span></p><p><span>) {</span></p><p><span>    </span><span>class</span><span> {</span>'my-openstack::disable_firewall'<span>:} -></span></p><p><span>    </span><span>class</span><span> {</span>'my-openstack::disable_selinux'<span>:} -></span></p><p><span>    </span><span>class</span><span> {</span>'my-openstack::disable_network_manager'<span>:} -></span></p><span><p><br></p><p><span>    </span><span>exec</span><span> { </span>'/bin/yum -y install <a href="http://dl.fedora" target="_blank">http://dl.fedora</a><span>project</span>.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm'<span>: </span><span>unless</span><span> => </span>'/bin/rpm -q epel-release'<span>, }</span></p><p><span>    </span><span>exec</span><span> { </span>'/bin/yum -y install <a href="http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm" target="_blank">http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm</a>'<span>: </span><span>unless</span><span> => </span>'/bin/rpm -q rdo-release'<span>, }</span></p></span><p><span>    </span><span>exec</span><span> { </span>'/usr/bin/curl <a href="http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo" target="_blank">http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo</a> | /usr/bin/tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin'<span>:}</span><br></p></div><div>







<p><span>    </span><span>$packages</span><span> = [</span>'mariadb'<span>, </span>'mod_wsgi'<span>, </span>'memcached'<span>, </span>'python-memcached'<span>]</span></p>
<p>    <span>package</span> { <span>$packages</span> : <span>ensure</span> => <span>present</span>, }</p><span>
<p><br></p>
<p><span>    </span><span>exec</span><span> { </span>'keystone_database_init'<span>:</span></p>
<p><span>        </span><span>command</span><span> => </span>'/usr/bin/keystone-manage db_sync'<span>,</span></p>
<p>        <span>onlyif</span> => [</p>
<p><span>            </span><span>"/usr/bin/mysql -u</span>$keystone_db_user<span> -p</span>$keystone_db_pass<span> -h</span>$db_host<span> -P</span>$db_port<span> </span>$keystone_db_name<span> -e 'show tables'"</span><span>,</span></p>
<p><span>            </span>"/usr/bin/test -z \"`/usr/bin/mysql -u<span>$keystone_db_user</span> -p<span>$keystone_db_pass</span> -h<span>$db_host</span> -P<span>$db_port</span> <span>$keystone_db_name</span> -e 'show tables'`\""</p>
<p>        ],</p>
<p>        <span>require</span> => <span>Package</span>[<span>'mariadb'</span>],</p>
<p>    }</p>
</span><p><span>    </span><span>$services</span><span> = [</span>'memcached'<span>]</span></p>
<p>    <span>service</span> { <span>$services</span> : <span>ensure</span> => <span>running</span>, <span>enable</span> => <span>true</span>, }</p>
<p>    # found out that you shouldn't create the wsgi-ketstone.conf file as it prevents httpd from starting</p>
<p><span>    </span><span>file</span><span> { </span>'/etc/httpd/conf.d/wsgi-keystone.conf'<span>:</span></p>
<p>        <span>ensure</span>  => <span>absent</span>,</p>
<p>#        content => template( "wrapcontroller/wsgi-keystone.conf.erb" ),</p>
<p>    }</p></div><div class="gmail_extra"><span>







<p><span>    </span><span>class</span><span> {</span>'::keystone'<span>:</span></p>
<p><span>        </span>admin_token<span>                => </span>$keystone_auth_token<span>,</span></p>
</span><p>        <span>catalog_type</span>               => <span>'sql'</span>,</p><span>
<p><span>        </span>database_connection<span>        => </span><span>"mysql://</span>${keystone_db_user}<span>:</span>${keystone_db_pass}<span>@</span>${db_host}<span>:</span>${db_port}<span>/</span>${keystone_db_name}<span>"</span><span>,</span></p>
<p>        <span>debug</span>                      => <span>$debug</span>,</p>
</span><p>        <span>verbose</span>                    => <span>$debug</span>,</p>
<p>    }<br></p>
<p><br></p>
<p>#    include ::apache</p>
<p>#    class { '::keystone::wsgi::apache': ssl => false, }</p><span>
<p><span>    </span><span>class</span><span> { </span>'::keystone::roles::admin'<span>:</span></p>
<p><span>       </span>email<span>        => </span>$keystone_admin_email<span>,</span></p>
<p><span>       </span>password<span>     => </span>$keystone_admin_password<span>,</span></p>
<p>    }</p>
<p><span>    </span><span>class</span><span> { </span>'::keystone::endpoint'<span>:</span></p>
<p><span>       </span><span>public_url</span><span>     => </span>"<a href="http://127.0.0.1:5000" target="_blank">http://127.0.0.1:5000</a>"<span>,</span></p>
<p><span>       </span><span>admin_url</span><span>      => </span>"<a href="http://127.0.0.1:35357" target="_blank">http://127.0.0.1:35357</a>"<span>,</span></p>
</span><p><span>       </span><span>internal_url</span><span>     => </span>"<a href="http://127.0.0.1:5000" target="_blank">http://127.0.0.1:5000</a>"<span>,</span></p>
<p>       <span>region</span>         => <span>'example-1'</span>,</p>
<p>    }</p></div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">The above runs but I am unable to verify that keystone is working as per the docs here:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><a href="http://docs.openstack.org/kilo/install-guide/install/yum/content/keystone-verify.html" target="_blank">http://docs.openstack.org/kilo/install-guide/install/yum/content/keystone-verify.html</a><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">







<p>[root@ost-mgmt-centos-001 ~]# openstack --os-auth-url <a href="http://127.0.0.1:35357" target="_blank">http://127.0.0.1:35357</a>    --os-project-name admin --os-username admin --os-auth-type password   token issue</p>
<p>Password: </p>
<p>ERROR: openstack Invalid user / password (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-7c9b4b3b-dfe8-48a9-98eb-668b18e9b3bb)</p>
<p>[root@ost-mgmt-centos-001 ~]# openstack --os-auth-url <a href="http://127.0.0.1:35357" target="_blank">http://127.0.0.1:35357</a>    --os-project-name admin --os-username admin --os-auth-type password   token issue</p>
<p>Password: </p>
<p>ERROR: openstack Could not find project: admin (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-c42ee03c-eb7b-4858-9743-a376fda0dc1f)</p><p><br></p><p><br></p><p>openstack Could not find project: admin <br></p><p>Hmm what is the project's name?  How can I figure that out?</p><p><br></p><p>Thanks,</p><p>Russ</p></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 5, 2016 at 2:22 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><span>
    <div>On 01/05/2016 02:42 PM, Russell Cecala
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Hi Rich,
        <div><br>
        </div>
        <div>I guess I am kind of confused. I thought "<b style="font-size:12.8px">class {
            '::keystone::roles::admin':" </b><span style="font-size:12.8px">was suppose to create the "admin"
            user and set the password to $keystone_admin_password.  If
            class { '::keystone::roles::admin' doesn't create the admin
            user what does?</span></div>
      </div>
    </blockquote>
    <br></span>
    It either creates it, or ensures that it has the specified
    properties, if it already exists.  In this case, it seems that it
    already exists, so it attempts to ensure that it has the specified
    properties.<span><br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div><span style="font-size:12.8px">And what kind of user are we
            talking about?  A user that shows up in the /etc/passwd file
            or an mysql user or a keystone user of some sort?</span></div>
      </div>
    </blockquote>
    <br></span>
    a keystone user - a user that shows up when you do "$ openstack user
    list" as an admin user.<div><div><br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div><span style="font-size:12.8px">Sorry I am pretty confused
            :) </span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">After I truncate my
            /var/log/keystone/keystone.log and run puppet agent -t I get
            this output to my keystone.log </span></div>
        <div><br>
        </div>
        <div>
          <p>2016-01-05 16:28:38.342 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:38.346 10596 INFO
            keystone.common.wsgi [-] GET /projects?</p>
          <p>2016-01-05 16:28:38.347 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:38.352 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:38] "GET /v3/projects HTTP/1.1" 200 884 0.011000</p>
          <p>2016-01-05 16:28:39.144 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:39.147 10596 INFO
            keystone.common.wsgi [-] GET /domains?</p>
          <p>2016-01-05 16:28:39.148 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:39.152 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:39] "GET /v3/domains HTTP/1.1" 200 702 0.009214</p>
          <p>2016-01-05 16:28:39.929 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:39.932 10596 INFO
            keystone.common.wsgi [-] GET /roles?</p>
          <p>2016-01-05 16:28:39.933 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:39.938 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:39] "GET /v3/roles HTTP/1.1" 200 615 0.009210</p>
          <p>2016-01-05 16:28:40.712 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:40.716 10596 INFO
            keystone.common.wsgi [-] GET /users?</p>
          <p>2016-01-05 16:28:40.716 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:40.721 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:40] "GET /v3/users HTTP/1.1" 200 820 0.008919</p>
          <p>2016-01-05 16:28:41.562 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:41.565 10596 INFO
            keystone.common.wsgi [-] GET /domains?</p>
          <p>2016-01-05 16:28:41.566 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:41.571 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:41] "GET /v3/domains HTTP/1.1" 200 702 0.009300</p>
          <p>2016-01-05 16:28:42.331 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:42.335 10596 INFO
            keystone.common.wsgi [-] GET
            /users/5ec5abf83d164d439b603d72606b99fd?</p>
          <p>2016-01-05 16:28:42.335 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:42.340 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:42] "GET /v3/users/5ec5abf83d164d439b603d72606b99fd
            HTTP/1.1" 200 472 0.009393</p>
          <p>2016-01-05 16:28:42.353 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:42.356 10596 INFO
            keystone.common.wsgi [-] GET
            /users/5ec5abf83d164d439b603d72606b99fd/projects?</p>
          <p>2016-01-05 16:28:42.357 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:42.370 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:42] "GET
            /v3/users/5ec5abf83d164d439b603d72606b99fd/projects
            HTTP/1.1" 200 632 0.016973</p>
          <p>2016-01-05 16:28:43.217 10599 DEBUG
            keystone.middleware.core [-] Auth token not in the request
            header. Will not build auth context. process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:229</p>
          <p>2016-01-05 16:28:43.220 10599 INFO
            eventlet.wsgi.server [-] 10.29.103.19 - - [05/Jan/2016
            16:28:43] "POST /v2.0/auth/tokens HTTP/1.1" 404 318 0.002948</p>
          <p>2016-01-05 16:28:43.318 10599 DEBUG
            keystone.middleware.core [-] Auth token not in the request
            header. Will not build auth context. process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:229</p>
          <p>2016-01-05 16:28:43.321 10599 INFO
            eventlet.wsgi.server [-] 10.29.103.19 - - [05/Jan/2016
            16:28:43] "POST /v2.0/auth/tokens HTTP/1.1" 404 318 0.002887</p>
        </div>
      </div>
    </blockquote>
    <br></div></div>
    This is strange.  /v2.0/auth/tokens does not exist.  It is
    /v2.0/tokens for v2, and /v3/auth/tokens for v3.  This would
    indicate that perhaps your openrc setting with the "/v2.0" suffix is
    polluting the puppet run?<div><div><br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <p>2016-01-05 16:28:44.076 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:44.079 10596 INFO
            keystone.common.wsgi [-] GET /services?</p>
          <p>2016-01-05 16:28:44.079 10596 WARNING
            keystone.common.controller [-] RBAC: Bypassing authorization</p>
          <p>2016-01-05 16:28:44.084 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:44] "GET /v3/services HTTP/1.1" 200 558 0.008541</p>
          <p>2016-01-05 16:28:44.871 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:44.873 10596 INFO
            keystone.common.wsgi [-] GET /endpoints?</p>
          <p>2016-01-05 16:28:44.878 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:44] "GET /v2.0/endpoints HTTP/1.1" 200 764 0.006931</p>
          <p>2016-01-05 16:28:44.891 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:44.892 10596 INFO
            keystone.common.wsgi [-] GET
            /OS-KSADM/services/07622af16010436aadb463adffff4099?</p>
          <p>2016-01-05 16:28:44.896 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:44] "GET
            /v2.0/OS-KSADM/services/07622af16010436aadb463adffff4099
            HTTP/1.1" 200 385 0.005287</p>
          <p>2016-01-05 16:28:44.899 10596 DEBUG
            keystone.middleware.core [-] RBAC: auth_context: {}
            process_request
            /usr/lib/python2.7/site-packages/keystone/middleware/core.py:239</p>
          <p>2016-01-05 16:28:44.900 10596 INFO
            keystone.common.wsgi [-] GET
            /OS-KSADM/services/07622af16010436aadb463adffff4099?</p>
          <p>2016-01-05 16:28:44.904 10596 INFO
            eventlet.wsgi.server [-] 127.0.0.1 - - [05/Jan/2016
            16:28:44] "GET
            /v2.0/OS-KSADM/services/07622af16010436aadb463adffff4099
            HTTP/1.1" 200 385 0.005030</p>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Jan 4, 2016 at 3:22 PM, Rich
          Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>
                <div>
                  <div>On 01/04/2016 03:07 PM, Russell Cecala wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">Thank you for the reply Rich,
                      <div><br>
                      </div>
                      <div>Here are the versions of my puppet modules:</div>
                      <div><br>
                      </div>
                      <div>
                        <p>[root@ost-puppet-centos-001 keystone]# puppet
                          module list </p>
                        <p>/etc/puppetlabs/puppet/environments/production/modules</p>
                        <p>├── nanliu-staging (<span>v1.0.3</span>)</p>
                        <p>├── openstack-keystone (<span>v6.1.0</span>)</p>
                        <p>├── openstack-openstacklib (<span>v6.1.0</span>)</p>
                        <p>├── puppetlabs-apache (<span>v1.7.0</span>)</p>
                        <p>├── puppetlabs-apt (<span>v1.8.0</span>)</p>
                        <p>├── puppetlabs-concat (<span>v1.2.4</span>)</p>
                        <p>├── puppetlabs-firewall (<span>v1.7.1</span>)</p>
                        <p>├── puppetlabs-inifile (<span>v1.4.2</span>)</p>
                        <p>├── puppetlabs-mysql (<span>v3.6.1</span>)</p>
                        <p>├── puppetlabs-postgresql (<span>v3.4.2</span>)</p>
                        <p>├── puppetlabs-rabbitmq (<span>v5.3.1</span>)</p>
                        <p>└── puppetlabs-stdlib (<span>v4.9.0</span>)</p>
                        <p>/etc/puppetlabs/puppet/modules</p>
                        <p>├── cisco-gis-openstack (<span>???</span>)</p>
                        <p>├── haproxy (<span>???</span>)</p>
                        <p>├── keepalived (<span>???</span>)</p>
                        <p>├── mikduart-unnamed (<span>v0.1.0</span>)</p>
                        <p>├── mikduart-unnamed (<span>v0.1.0</span>)</p>
                        <p>├── mikduart-unnamed (<span>v0.1.0</span>)</p>
                        <p>├── puppetlabs-mongodb (<span>v0.10.0</span>)</p>
                        <p>├── saz-memcached (<span>v2.4.0</span>)</p>
                        <p>├── setup_mariadb_script (<span>???</span>)</p>
                        <p>├── sysctl (<span>???</span>)</p>
                        <p>└── wrapmongodb (<span>???</span>)</p>
                        <p>/opt/puppet/share/puppet/modules</p>
                        <p>├── puppetlabs-pe_accounts (<span>v2.0.2-8-g8acc04e</span>)</p>
                        <p>├── puppetlabs-pe_concat (<span>v1.1.2-4-g2b7bba2</span>)</p>
                        <p>├── puppetlabs-pe_console_prune (<span>v0.1.1-4-g293f45b</span>)</p>
                        <p>├── puppetlabs-pe_inifile (<span>v1.1.4-16-gcb39966</span>)</p>
                        <p>├── puppetlabs-pe_java_ks (<span>v1.2.4-35-g44fbb26</span>)</p>
                        <p>├── puppetlabs-pe_postgresql (<span>v3.4.4-15-g32e56ed</span>)</p>
                        <p>├── puppetlabs-pe_razor (<span>v0.2.1-9-g8d78ec2</span>)</p>
                        <p>├── puppetlabs-pe_repo (<span>v0.7.7-59-g4514315</span>)</p>
                        <p>├── puppetlabs-pe_staging (<span>v0.3.3-6-gbd9db2b</span>)</p>
                        <p>└── puppetlabs-puppet_enterprise (<span>v3.7.1-117-g9c48e73</span>)</p>
                        <p><br>
                        </p>
                        <p>I am not sure I have the right values in my
                          openrc but I have been using:</p>
                        <p><br>
                        </p>
                        <p># cat openrc.localhost </p>
                        <p>export OS_AUTH_URL=<a href="http://127.0.0.1:5000/v2.0" target="_blank">http://127.0.0.1:5000/v2.0</a></p>
                        <p>export OS_PASSWORD=xxxxxxxxxxxxxxxx</p>
                        <p>export OS_TENANT_NAME=admin</p>
                        <p> </p>
                        <p>export OS_USERNAME=admin</p>
                      </div>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
              Is this sourced into the environment where puppet is
              running?  It should not be.
              <div>
                <div><br>
                  <br>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <p><br>
                        </p>
                        <p>I believe this is the openstackclient version
                          I am using:</p>
                        <p><br>
                        </p>
                        <p>[root@ost-mgmt-centos-001 ~]# rpm -qa | grep
                          openstackclient</p>
                        <p> </p>
                        <p>python-<span><b>openstackclient</b></span>-1.0.3-2.el7.noarch</p>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Jan 4, 2016 at
                        1:19 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank"></a><a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                          <div text="#000000" bgcolor="#FFFFFF"><span>
                              <div>On 01/04/2016 02:06 PM, Russell
                                Cecala wrote:<br>
                              </div>
                              <blockquote type="cite">
                                <div dir="ltr">Hi Emilien,
                                  <div><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>I am trying to use <a href="https://github.com/openstack/puppet-keystone" target="_blank"></a><a href="https://github.com/openstack/puppet-keystone" target="_blank">https://github.com/openstack/puppet-keystone</a>
                                    to set up a Kilo keystone node.</div>
                                </div>
                              </blockquote>
                              <br>
                            </span> I'm assuming you're using the kilo
                            branch there?<span><br>
                              <br>
                              <blockquote type="cite">
                                <div dir="ltr">
                                  <div>I was hoping to could help me out
                                    so I can get my team to adopt puppet
                                    for setting up OpenStack.</div>
                                  <div><br>
                                  </div>
                                  <div>On my keystone node I am running
                                    centos7 with selinux disabled ...</div>
                                </div>
                              </blockquote>
                              <br>
                            </span> What version of openstackclient are
                            you using?<br>
                            <br>
                            Do you have a $HOME/openrc or /root/openrc,
                            or are you otherwise defining OS_*
                            environment variables in the environment
                            before running puppet?<br>
                            <br>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div><br>
                                    </div>
                                    <div>
                                      <p>[root@svl-ost-mgmt-centos-001
                                        ~]# sestatus </p>
                                      <p>SELinux status:                
                                        disabled</p>
                                      <p>... and I have flushed my
                                        iptables ...</p>
                                      <p><br>
                                      </p>
                                      <p>[root@svl-ost-mgmt-centos-001
                                        ~]# iptables -L</p>
                                      <p>Chain INPUT (policy ACCEPT)</p>
                                      <p>target     prot opt source    
                                                  destination         </p>
                                      <p><br>
                                      </p>
                                      <p>Chain FORWARD (policy ACCEPT)</p>
                                      <p>target     prot opt source    
                                                  destination         </p>
                                      <p><br>
                                      </p>
                                      <p>Chain OUTPUT (policy ACCEPT)</p>
                                      <p> </p>
                                      <p>target     prot opt source    
                                                  destination         </p>
                                      <p><br>
                                      </p>
                                      <p>Yet when I run "puppet agent
                                        -t"  I get these errors:</p>
                                      <p><br>
                                      </p>
                                      <p>[root@ost-mgmt-centos-001 ~]#
                                        puppet agent -t</p>
                                      <p>Info: Retrieving pluginfacts</p>
                                      <p>Info: Retrieving plugin</p>
                                      <p>Info: Loading facts</p>
                                      <p>Error: NetworkManager is not
                                        running.</p>
                                      <p>Info: Caching catalog for <a href="http://ost-mgmt-centos-001.example.com" target="_blank">ost-mgmt-centos-001.example.com</a></p>
                                      <p><b>Warning: The tenant
                                          parameter is deprecated and
                                          will be removed in the future.
                                          Please use keystone_user_role
                                          to assign a user to a project.</b></p>
                                      <p><b>Warning: The
                                          ignore_default_tenant
                                          parameter is deprecated and
                                          will be removed in the future.</b></p>
                                      <p>Info: Applying configuration
                                        version '1451940682'</p>
                                      <p><b>Error:
                                          /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]:
                                          Could not evaluate: Execution
                                          of '/usr/bin/openstack token
                                          issue --format value' returned
                                          1: ERROR: openstack The
                                          resource could not be found.
                                          (HTTP 404) (Request-ID:
                                          req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)</b></p>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </blockquote>
                          </div>
                        </blockquote>
                      </div>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
              <b>This usually indicates that it is trying to ensure that
                the user "admin" exists but the password is incorrect. 
                That is, the class { '::keystone::roles::admin':       
                password     => $keystone_admin_password is not
                correct.<br>
                <br>
                If you are sure it is correct, then it could be a
                mismatch between the identity api version used by the
                puppet module and the one specified in the environment. 
                Check the keystone access logs to see what URL this is
                trying to access - something with /token or /tokens, or
                something with /auth/token or /auth/tokens<br>
                <br>
              </b>
              <div>
                <div>
                  <blockquote type="cite">
                    <div class="gmail_extra">
                      <div class="gmail_quote">
                        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                          <div text="#000000" bgcolor="#FFFFFF">
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">
                                    <div>
                                      <p>Notice:
                                        /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
                                        Dependency Keystone_user[admin]
                                        has failures: true</p>
                                      <p><b>Warning:
                                          /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
                                          Skipping because of failed
                                          dependencies</b></p>
                                      <p> </p>
                                      <p>Notice: Finished catalog run in
                                        12.38 seconds</p>
                                      <p>Here's code I am using on my
                                        puppet master ...</p>
                                      <p><span>class</span><span> </span>wrapcontroller<span>(</span></p>
                                      <p> </p>
                                      <p>... big list of parameters I am
                                        not using until I can get
                                        keystone going ...</p>
                                      <p>) {</p>
                                      <p><br>
                                      </p>
                                      <p><span>    </span><span>exec</span><span>
                                          { </span>'/bin/yum -y install
                                        <a href="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm" target="_blank">http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm</a>'<span>:
                                        </span><span>unless</span><span>
                                          => </span>'/bin/rpm -q
                                        epel-release'<span>, }</span></p>
                                      <p><span>    </span><span>exec</span><span>
                                          { </span>'/bin/yum -y install
                                        <a href="http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm" target="_blank">http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm</a>'<span>:
                                        </span><span>unless</span><span>
                                          => </span>'/bin/rpm -q
                                        rdo-release'<span>, }</span></p>
                                      <p><br>
                                      </p>
                                      <p>    <span>package</span> { <span>'mariadb'</span>:
                                        <span>ensure</span> => <span>present</span>,
                                        }</p>
                                      <p><span>    </span><span>exec</span><span>
                                          { </span>'keystone_database_init'<span>:</span></p>
                                      <p><span>        </span><span>command</span><span>
                                          => </span>'/usr/bin/keystone-manage

                                        db_sync'<span>,</span></p>
                                      <p>        <span>onlyif</span>
                                        => [</p>
                                      <p><span>            </span><span>"/usr/bin/mysql


                                          -u</span>$keystone_db_user<span>
                                          -p</span>$keystone_db_pass<span>
                                          -h</span>$db_host<span> -P</span>$db_port<span>
                                        </span>$keystone_db_name<span>
                                          -e 'show tables'"</span><span>,</span></p>
                                      <p><span>            </span>"/usr/bin/test
                                        -z \"`/usr/bin/mysql -u<span>$keystone_db_user</span>
                                        -p<span>$keystone_db_pass</span>
                                        -h<span>$db_host</span> -P<span>$db_port</span>
                                        <span>$keystone_db_name</span>
                                        -e 'show tables'`\""</p>
                                      <p>        ],</p>
                                      <p>        <span>require</span>
                                        => <span>Package</span>[<span>'mariadb'</span>],</p>
                                      <p>    }</p>
                                      <p><br>
                                      </p>
                                      <p><span>    </span><span>class</span><span>
                                          {</span>'::keystone'<span>:</span></p>
                                      <p><span>        </span>admin_token<span> 
                                                        => </span>$keystone_auth_token<span>,</span></p>
                                      <p><span>        </span>database_connection<span> 
                                                => </span><span>"mysql://</span>${keystone_db_user}<span>:</span>${keystone_db_pass}<span>@</span>${db_host}<span>:</span>${db_port}<span>/</span>${keystone_db_name}<span>"</span><span>,</span></p>
                                      <p>        <span>debug</span>   
                                                          => <span>$debug</span>,</p>
                                      <p>        <span>enabled</span> 
                                                          => <span>true</span>,</p>
                                      <p>        <span>enable_ssl</span>
                                                        => <span>false</span>,</p>
                                      <p>        <span>service_name</span>
                                                      => <span>'httpd'</span>,<span>
                                          # this is a kilo thing</span></p>
                                      <p>        <span>verbose</span> 
                                                          => <span>$debug</span>,</p>
                                      <p>    }</p>
                                      <p><br>
                                      </p>
                                      <p>    <span>include</span>
                                        ::apache</p>
                                      <p><span>    </span><span>class</span><span>
                                          { </span>'::keystone::wsgi::apache'<span>:
                                        </span><span>ssl</span><span>
                                          => </span><span>false</span><span>,
                                          }</span></p>
                                      <p><span>    </span><span>class</span><span>
                                          { </span>'::keystone::roles::admin'<span>:</span></p>
                                      <p><span>       </span>email<span> 
                                                => </span>$keystone_admin_email<span>,</span></p>
                                      <p><span>       </span>password<span>
                                              => </span>$keystone_admin_password<span>,</span></p>
                                      <p>    }</p>
                                      <p><span>    </span><span>class</span><span>
                                          { </span>'::keystone::endpoint'<span>:</span></p>
                                      <p><span>       </span><span>public_url</span><span>
                                              => </span>"<a href="http://127.0.0.1:5000" target="_blank"></a><a href="http://127.0.0.1:5000" target="_blank">http://127.0.0.1:5000</a>"<span>,</span></p>
                                      <p><span>       </span><span>admin_url</span><span> 
                                              => </span>"<a href="http://127.0.0.1:35357" target="_blank"></a><a href="http://127.0.0.1:35357" target="_blank">http://127.0.0.1:35357</a>"<span>,</span></p>
                                      <p><span>       </span>default_domain<span>
                                          => </span><span>'admin'</span><span>,</span></p>
                                      <p>    }</p>
                                      <p> </p>
                                      <p>}</p>
                                    </div>
                                    <div>Thanks! And Happy New Year to
                                      you :)</div>
                                    <div>Red</div>
                                    <div><br>
                                    </div>
                                    <div><br>
                                    </div>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Tue, Nov
                                      24, 2015 at 2:38 PM, Emilien
                                      Macchi <span dir="ltr"><<a href="mailto:emilien@redhat.com" target="_blank"></a><a href="mailto:emilien@redhat.com" target="_blank">emilien@redhat.com</a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span><br>
                                          <br>
                                          On 11/24/2015 11:21 PM,
                                          Russell Cecala wrote:<br>
                                          > I am trying to use the
                                          OpenStack community puppet
                                          modules.  Here's the<br>
                                          > keystone module I am
                                          using:  <a href="https://github.com/openstack/puppet-keystone" target="_blank"></a><a href="https://github.com/openstack/puppet-keystone" target="_blank">https://github.com/openstack/puppet-keystone</a><br>
                                          > I am using the stable
                                          juno branch.  I have in my
                                          puppet manifest for my<br>
                                          > controller nodes this
                                          resource definition:<br>
                                          ><br>
                                          >     class {
                                          '::keystone::roles::admin':<br>
                                          >         admin       
                                          => $keystone_admin_user,<br>
                                          >         email       
                                          => $keystone_admin_email,<br>
                                          >         password   
                                           =>
                                          $keystone_admin_password,<br>
                                          >     } -><br>
                                          ><br>
                                          > And when puppet runs that
                                          code I get this error:<br>
                                          ><br>
                                          >     Error:<br>
                                          >
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user@openstack]:<br>
                                          > Could not evaluate:
                                          Execution of
                                          '/usr/bin/openstack domain
                                          show<br>
                                          > --format shell' returned
                                          2: usage: openstack domain
                                          show [-h] [-f<br>
                                          > {shell,table,value}] [-c
                                          COLUMN]<br>
                                          >                         
                                                  [--max-width
                                          <integer>] [--prefix
                                          PREFIX]<br>
                                          >                         
                                                  <domain><br>
                                          >     openstack domain
                                          show: error: too few arguments<br>
                                          <br>
                                        </span>Sounds like an issue with
                                        your version of openstackclient,
                                        can you<br>
                                        provide it?<br>
                                        <span><br>
                                          ><br>
                                          > Can anyone help me?  Are
                                          these Puppet modules still
                                          being supported?<br>
                                          <br>
                                        </span>Yes :-)<br>
                                        <span><br>
                                          > Does anyone use them? 
                                          Thanks!<br>
                                          <br>
                                        </span>Double yes.<br>
                                        <span><font color="#888888">--<br>
                                            Emilien Macchi<br>
                                            <br>
                                          </font></span></blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </div>
                              </div>
                              <span>
                                <pre>_______________________________________________
OpenStack-operators mailing list
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a>
</pre>
                              </span></blockquote>
                            <br>
                          </div>
                          <br>
_______________________________________________<br>
                          OpenStack-operators mailing list<br>
                          <a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
                          <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>