[Openstack-operators] OpenStack Puppet module Keystone Juno

Russell Cecala red.cricket.blog at gmail.com
Mon Jan 4 21:06:08 UTC 2016 

Hi Emilien,


I am trying to use https://github.com/openstack/puppet-keystone to set up a
Kilo keystone node.  I was hoping to could help me out so I can get my team
to adopt puppet for setting up OpenStack.

On my keystone node I am running centos7 with selinux disabled ...

[root at svl-ost-mgmt-centos-001 ~]# sestatus

SELinux status:                 disabled

... and I have flushed my iptables ...


[root at svl-ost-mgmt-centos-001 ~]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination


Chain FORWARD (policy ACCEPT)

target     prot opt source               destination


Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination


Yet when I run "puppet agent -t"  I get these errors:


[root at ost-mgmt-centos-001 ~]# puppet agent -t

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Loading facts

Error: NetworkManager is not running.

Info: Caching catalog for ost-mgmt-centos-001.example.com

*Warning: The tenant parameter is deprecated and will be removed in the
future. Please use keystone_user_role to assign a user to a project.*

*Warning: The ignore_default_tenant parameter is deprecated and will be
removed in the future.*

Info: Applying configuration version '1451940682'

*Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could not
evaluate: Execution of '/usr/bin/openstack token issue --format value'
returned 1: ERROR: openstack The resource could not be found. (HTTP 404)
(Request-ID: req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*

Notice:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
Dependency Keystone_user[admin] has failures: true

*Warning:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
Skipping because of failed dependencies*

Notice: Finished catalog run in 12.38 seconds

Here's code I am using on my puppet master ...

class wrapcontroller(

... big list of parameters I am not using until I can get keystone going ...

) {


    exec { '/bin/yum -y install
http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm':
unless => '/bin/rpm -q epel-release', }

    exec { '/bin/yum -y install
http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm':
unless => '/bin/rpm
-q rdo-release', }


    package { 'mariadb': ensure => present, }

    exec { 'keystone_database_init':

        command => '/usr/bin/keystone-manage db_sync',

        onlyif => [

            "/usr/bin/mysql -u$keystone_db_user -p$keystone_db_pass -h
$db_host -P$db_port $keystone_db_name -e 'show tables'",

            "/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user -p
$keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show
tables'`\""

        ],

        require => Package['mariadb'],

    }


    class {'::keystone':

        admin_token                => $keystone_auth_token,

        database_connection        => "mysql://${keystone_db_user}:
${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",

        debug                      => $debug,

        enabled                    => true,

        enable_ssl                 => false,

        service_name               => 'httpd', # this is a kilo thing

        verbose                    => $debug,

    }


    include ::apache

    class { '::keystone::wsgi::apache': ssl => false, }

    class { '::keystone::roles::admin':

       email        => $keystone_admin_email,

       password     => $keystone_admin_password,

    }

    class { '::keystone::endpoint':

       public_url     => "http://127.0.0.1:5000",

       admin_url      => "http://127.0.0.1:35357",

       default_domain => 'admin',

    }

}
Thanks! And Happy New Year to you :)
Red



On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi <emilien at redhat.com> wrote:

>
>
> On 11/24/2015 11:21 PM, Russell Cecala wrote:
> > I am trying to use the OpenStack community puppet modules.  Here's the
> > keystone module I am using:
> https://github.com/openstack/puppet-keystone
> > I am using the stable juno branch.  I have in my puppet manifest for my
> > controller nodes this resource definition:
> >
> >     class { '::keystone::roles::admin':
> >         admin        => $keystone_admin_user,
> >         email        => $keystone_admin_email,
> >         password     => $keystone_admin_password,
> >     } ->
> >
> > And when puppet runs that code I get this error:
> >
> >     Error:
> >
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user at openstack
> ]:
> > Could not evaluate: Execution of '/usr/bin/openstack domain show
> > --format shell' returned 2: usage: openstack domain show [-h] [-f
> > {shell,table,value}] [-c COLUMN]
> >                                  [--max-width <integer>] [--prefix
> PREFIX]
> >                                  <domain>
> >     openstack domain show: error: too few arguments
>
> Sounds like an issue with your version of openstackclient, can you
> provide it?
>
> >
> > Can anyone help me?  Are these Puppet modules still being supported?
>
> Yes :-)
>
> > Does anyone use them?  Thanks!
>
> Double yes.
> --
> Emilien Macchi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160104/4e7537f9/attachment.html>

More information about the OpenStack-operators mailing list