[Openstack-operators] OpenStack Puppet module Keystone Juno

Russell Cecala red.cricket.blog at gmail.com
Mon Jan 4 22:07:07 UTC 2016


Thank you for the reply Rich,

Here are the versions of my puppet modules:

[root at ost-puppet-centos-001 keystone]# puppet module list

/etc/puppetlabs/puppet/environments/production/modules

├── nanliu-staging (v1.0.3)

├── openstack-keystone (v6.1.0)

├── openstack-openstacklib (v6.1.0)

├── puppetlabs-apache (v1.7.0)

├── puppetlabs-apt (v1.8.0)

├── puppetlabs-concat (v1.2.4)

├── puppetlabs-firewall (v1.7.1)

├── puppetlabs-inifile (v1.4.2)

├── puppetlabs-mysql (v3.6.1)

├── puppetlabs-postgresql (v3.4.2)

├── puppetlabs-rabbitmq (v5.3.1)

└── puppetlabs-stdlib (v4.9.0)

/etc/puppetlabs/puppet/modules

├── cisco-gis-openstack (???)

├── haproxy (???)

├── keepalived (???)

├── mikduart-unnamed (v0.1.0)

├── mikduart-unnamed (v0.1.0)

├── mikduart-unnamed (v0.1.0)

├── puppetlabs-mongodb (v0.10.0)

├── saz-memcached (v2.4.0)

├── setup_mariadb_script (???)

├── sysctl (???)

└── wrapmongodb (???)

/opt/puppet/share/puppet/modules

├── puppetlabs-pe_accounts (v2.0.2-8-g8acc04e)

├── puppetlabs-pe_concat (v1.1.2-4-g2b7bba2)

├── puppetlabs-pe_console_prune (v0.1.1-4-g293f45b)

├── puppetlabs-pe_inifile (v1.1.4-16-gcb39966)

├── puppetlabs-pe_java_ks (v1.2.4-35-g44fbb26)

├── puppetlabs-pe_postgresql (v3.4.4-15-g32e56ed)

├── puppetlabs-pe_razor (v0.2.1-9-g8d78ec2)

├── puppetlabs-pe_repo (v0.7.7-59-g4514315)

├── puppetlabs-pe_staging (v0.3.3-6-gbd9db2b)

└── puppetlabs-puppet_enterprise (v3.7.1-117-g9c48e73)


I am not sure I have the right values in my openrc but I have been using:


# cat openrc.localhost

export OS_AUTH_URL=http://127.0.0.1:5000/v2.0

export OS_PASSWORD=xxxxxxxxxxxxxxxx

export OS_TENANT_NAME=admin

export OS_USERNAME=admin


I believe this is the openstackclient version I am using:


[root at ost-mgmt-centos-001 ~]# rpm -qa | grep openstackclient

python-*openstackclient*-1.0.3-2.el7.noarch

On Mon, Jan 4, 2016 at 1:19 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> On 01/04/2016 02:06 PM, Russell Cecala wrote:
>
> Hi Emilien,
>
>
> I am trying to use https://github.com/openstack/puppet-keystone to set up
> a Kilo keystone node.
>
>
> I'm assuming you're using the kilo branch there?
>
> I was hoping to could help me out so I can get my team to adopt puppet for
> setting up OpenStack.
>
> On my keystone node I am running centos7 with selinux disabled ...
>
>
> What version of openstackclient are you using?
>
> Do you have a $HOME/openrc or /root/openrc, or are you otherwise defining
> OS_* environment variables in the environment before running puppet?
>
>
> [root at svl-ost-mgmt-centos-001 ~]# sestatus
>
> SELinux status:                 disabled
>
> ... and I have flushed my iptables ...
>
>
> [root at svl-ost-mgmt-centos-001 ~]# iptables -L
>
> Chain INPUT (policy ACCEPT)
>
> target     prot opt source               destination
>
>
> Chain FORWARD (policy ACCEPT)
>
> target     prot opt source               destination
>
>
> Chain OUTPUT (policy ACCEPT)
>
> target     prot opt source               destination
>
>
> Yet when I run "puppet agent -t"  I get these errors:
>
>
> [root at ost-mgmt-centos-001 ~]# puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Loading facts
>
> Error: NetworkManager is not running.
>
> Info: Caching catalog for ost-mgmt-centos-001.example.com
>
> *Warning: The tenant parameter is deprecated and will be removed in the
> future. Please use keystone_user_role to assign a user to a project.*
>
> *Warning: The ignore_default_tenant parameter is deprecated and will be
> removed in the future.*
>
> Info: Applying configuration version '1451940682'
>
> *Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]: Could
> not evaluate: Execution of '/usr/bin/openstack token issue --format value'
> returned 1: ERROR: openstack The resource could not be found. (HTTP 404)
> (Request-ID: req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*
>
> Notice:
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
> Dependency Keystone_user[admin] has failures: true
>
> *Warning:
> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin at openstack]:
> Skipping because of failed dependencies*
>
> Notice: Finished catalog run in 12.38 seconds
>
> Here's code I am using on my puppet master ...
>
> class wrapcontroller(
>
> ... big list of parameters I am not using until I can get keystone going
> ...
>
> ) {
>
>
>     exec { '/bin/yum -y install
> <http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm>
> http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
> ': unless => '/bin/rpm -q epel-release', }
>
>     exec { '/bin/yum -y install
> <http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm>
> http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm': unless
> => '/bin/rpm -q rdo-release', }
>
>
>     package { 'mariadb': ensure => present, }
>
>     exec { 'keystone_database_init':
>
>         command => '/usr/bin/keystone-manage db_sync',
>
>         onlyif => [
>
>             "/usr/bin/mysql -u$keystone_db_user -p$keystone_db_pass -h
> $db_host -P$db_port $keystone_db_name -e 'show tables'",
>
>             "/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user -p
> $keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e 'show
> tables'`\""
>
>         ],
>
>         require => Package['mariadb'],
>
>     }
>
>
>     class {'::keystone':
>
>         admin_token                => $keystone_auth_token,
>
>         database_connection        => "mysql://${keystone_db_user}:
> ${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",
>
>         debug                      => $debug,
>
>         enabled                    => true,
>
>         enable_ssl                 => false,
>
>         service_name               => 'httpd', # this is a kilo thing
>
>         verbose                    => $debug,
>
>     }
>
>
>     include ::apache
>
>     class { '::keystone::wsgi::apache': ssl => false, }
>
>     class { '::keystone::roles::admin':
>
>        email        => $keystone_admin_email,
>
>        password     => $keystone_admin_password,
>
>     }
>
>     class { '::keystone::endpoint':
>
>        public_url     => "http://127.0.0.1:5000",
>
>        admin_url      => "http://127.0.0.1:35357",
>
>        default_domain => 'admin',
>
>     }
>
> }
> Thanks! And Happy New Year to you :)
> Red
>
>
>
> On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi <emilien at redhat.com>
> wrote:
>
>>
>>
>> On 11/24/2015 11:21 PM, Russell Cecala wrote:
>> > I am trying to use the OpenStack community puppet modules.  Here's the
>> > keystone module I am using:
>> <https://github.com/openstack/puppet-keystone>
>> https://github.com/openstack/puppet-keystone
>> > I am using the stable juno branch.  I have in my puppet manifest for my
>> > controller nodes this resource definition:
>> >
>> >     class { '::keystone::roles::admin':
>> >         admin        => $keystone_admin_user,
>> >         email        => $keystone_admin_email,
>> >         password     => $keystone_admin_password,
>> >     } ->
>> >
>> > And when puppet runs that code I get this error:
>> >
>> >     Error:
>> >
>> /Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user at openstack
>> ]:
>> > Could not evaluate: Execution of '/usr/bin/openstack domain show
>> > --format shell' returned 2: usage: openstack domain show [-h] [-f
>> > {shell,table,value}] [-c COLUMN]
>> >                                  [--max-width <integer>] [--prefix
>> PREFIX]
>> >                                  <domain>
>> >     openstack domain show: error: too few arguments
>>
>> Sounds like an issue with your version of openstackclient, can you
>> provide it?
>>
>> >
>> > Can anyone help me?  Are these Puppet modules still being supported?
>>
>> Yes :-)
>>
>> > Does anyone use them?  Thanks!
>>
>> Double yes.
>> --
>> Emilien Macchi
>>
>>
>
>
> _______________________________________________
> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160104/0b01229b/attachment.html>


More information about the OpenStack-operators mailing list