[Openstack-operators] OpenStack Puppet module Keystone Juno
Russell Cecala
red.cricket.blog at gmail.com
Mon Jan 4 22:07:07 UTC 2016
Thank you for the reply Rich,
Here are the versions of my puppet modules:
[root at ost-puppet-centos-001 keystone]# puppet module list
/etc/puppetlabs/puppet/environments/production/modules
├── nanliu-staging (v1.0.3)
├── openstack-keystone (v6.1.0)
├── openstack-openstacklib (v6.1.0)
├── puppetlabs-apache (v1.7.0)
├── puppetlabs-apt (v1.8.0)
├── puppetlabs-concat (v1.2.4)
├── puppetlabs-firewall (v1.7.1)
├── puppetlabs-inifile (v1.4.2)
├── puppetlabs-mysql (v3.6.1)
├── puppetlabs-postgresql (v3.4.2)
├── puppetlabs-rabbitmq (v5.3.1)
└── puppetlabs-stdlib (v4.9.0)
/etc/puppetlabs/puppet/modules
├── cisco-gis-openstack (???)
├── haproxy (???)
├── keepalived (???)
├── mikduart-unnamed (v0.1.0)
├── mikduart-unnamed (v0.1.0)
├── mikduart-unnamed (v0.1.0)
├── puppetlabs-mongodb (v0.10.0)
├── saz-memcached (v2.4.0)
├── setup_mariadb_script (???)
├── sysctl (???)
└── wrapmongodb (???)
/opt/puppet/share/puppet/modules
├── puppetlabs-pe_accounts (v2.0.2-8-g8acc04e)
├── puppetlabs-pe_concat (v1.1.2-4-g2b7bba2)
├── puppetlabs-pe_console_prune (v0.1.1-4-g293f45b)
├── puppetlabs-pe_inifile (v1.1.4-16-gcb39966)
├── puppetlabs-pe_java_ks (v1.2.4-35-g44fbb26)
├── puppetlabs-pe_postgresql (v3.4.4-15-g32e56ed)
├── puppetlabs-pe_razor (v0.2.1-9-g8d78ec2)
├── puppetlabs-pe_repo (v0.7.7-59-g4514315)
├── puppetlabs-pe_staging (v0.3.3-6-gbd9db2b)
└── puppetlabs-puppet_enterprise (v3.7.1-117-g9c48e73)
I am not sure I have the right values in my openrc but I have been using:
# cat openrc.localhost
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
export OS_PASSWORD=xxxxxxxxxxxxxxxx
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
I believe this is the openstackclient version I am using:
[root at ost-mgmt-centos-001 ~]# rpm -qa | grep openstackclient
python-*openstackclient*-1.0.3-2.el7.noarch
On Mon, Jan 4, 2016 at 1:19 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 01/04/2016 02:06 PM, Russell Cecala wrote:
>
> Hi Emilien,
>
>
> I am trying to use https://github.com/openstack/puppet-keystone to set up
> a Kilo keystone node.
>
>
> I'm assuming you're using the kilo branch there?
>
> I was hoping to could help me out so I can get my team to adopt puppet for
> setting up OpenStack.
>
> On my keystone node I am running centos7 with selinux disabled ...
>
>
> What version of openstackclient are you using?
>
> Do you have a $HOME/openrc or /root/openrc, or are you otherwise defining
> OS_* environment variables in the environment before running puppet?
>
>
> [root at svl-ost-mgmt-centos-001 ~]# sestatus
>
> SELinux status: disabled
>
> ... and I have flushed my iptables ...
>
>
> [root at svl-ost-mgmt-centos-001 ~]# iptables -L
>
> Chain INPUT (policy ACCEPT)
>
> target prot opt source destination
>
>
> Chain FORWARD (policy ACCEPT)
>
> target prot opt source destination
>
>
> Chain OUTPUT (policy ACCEPT)
>
> target prot opt source destination
>
>
> Yet when I run "puppet agent -t" I get these errors:
>
>
> [root at ost-mgmt-centos-001 ~]# puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Loading facts
>
> Error: NetworkManager is not running.
>
> Info: Caching catalog for ost-mgmt-centos-001.example.com
>
> *Warning: The tenant parameter is deprecated and will be removed in the
> future. Please use keystone_user_role to assign a user to a project.*
>
> *Warning: The ignore_default_tenant parameter is deprecated and will be
> removed in the future.*
>
> Info: Applying configuration version '1451940682'
>
> *Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could
> not evaluate: Execution of '/usr/bin/openstack token issue --format value'
> returned 1: ERROR: openstack The resource could not be found. (HTTP 404)
> (Request-ID: req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*
>
> Notice:
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
> Dependency Keystone_user[admin] has failures: true
>
> *Warning:
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
> Skipping because of failed dependencies*
>
> Notice: Finished catalog run in 12.38 seconds
>
> Here's code I am using on my puppet master ...
>
> class wrapcontroller(
>
> ... big list of parameters I am not using until I can get keystone going
> ...
>
> ) {
>
>
> exec { '/bin/yum -y install
> <http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm>
> http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
> ': unless => '/bin/rpm -q epel-release', }
>
> exec { '/bin/yum -y install
> <http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm>
> http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm': unless
> => '/bin/rpm -q rdo-release', }
>
>
> package { 'mariadb': ensure => present, }
>
> exec { 'keystone_database_init':
>
> command => '/usr/bin/keystone-manage db_sync',
>
> onlyif => [
>
> "/usr/bin/mysql -u$keystone_db_user -p$keystone_db_pass -h
> $db_host -P$db_port $keystone_db_name -e 'show tables'",
>
> "/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user -p
> $keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show
> tables'`\""
>
> ],
>
> require => Package['mariadb'],
>
> }
>
>
> class {'::keystone':
>
> admin_token => $keystone_auth_token,
>
> database_connection => "mysql://${keystone_db_user}:
> ${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",
>
> debug => $debug,
>
> enabled => true,
>
> enable_ssl => false,
>
> service_name => 'httpd', # this is a kilo thing
>
> verbose => $debug,
>
> }
>
>
> include ::apache
>
> class { '::keystone::wsgi::apache': ssl => false, }
>
> class { '::keystone::roles::admin':
>
> email => $keystone_admin_email,
>
> password => $keystone_admin_password,
>
> }
>
> class { '::keystone::endpoint':
>
> public_url => "http://127.0.0.1:5000",
>
> admin_url => "http://127.0.0.1:35357",
>
> default_domain => 'admin',
>
> }
>
> }
> Thanks! And Happy New Year to you :)
> Red
>
>
>
> On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi <emilien at redhat.com>
> wrote:
>
>>
>>
>> On 11/24/2015 11:21 PM, Russell Cecala wrote:
>> > I am trying to use the OpenStack community puppet modules. Here's the
>> > keystone module I am using:
>> <https://github.com/openstack/puppet-keystone>
>> https://github.com/openstack/puppet-keystone
>> > I am using the stable juno branch. I have in my puppet manifest for my
>> > controller nodes this resource definition:
>> >
>> > class { '::keystone::roles::admin':
>> > admin => $keystone_admin_user,
>> > email => $keystone_admin_email,
>> > password => $keystone_admin_password,
>> > } ->
>> >
>> > And when puppet runs that code I get this error:
>> >
>> > Error:
>> >
>> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user at openstack
>> ]:
>> > Could not evaluate: Execution of '/usr/bin/openstack domain show
>> > --format shell' returned 2: usage: openstack domain show [-h] [-f
>> > {shell,table,value}] [-c COLUMN]
>> > [--max-width <integer>] [--prefix
>> PREFIX]
>> > <domain>
>> > openstack domain show: error: too few arguments
>>
>> Sounds like an issue with your version of openstackclient, can you
>> provide it?
>>
>> >
>> > Can anyone help me? Are these Puppet modules still being supported?
>>
>> Yes :-)
>>
>> > Does anyone use them? Thanks!
>>
>> Double yes.
>> --
>> Emilien Macchi
>>
>>
>
>
> _______________________________________________
> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160104/0b01229b/attachment.html>
More information about the OpenStack-operators
mailing list