Bootstrap juju controller to openstack/base connected openstack cloud fails with address not found error

In order to use the openstack/base environment I obtained through following this tutorial on a maas cloud to deploy charmed-kubernetes, I am trying to set up another cloud with juju using as endpoint the keystone ip :
type: openstack
auth-types: [access-key,userpass]
endpoint: https://keystone_ip:5000/v3

I created a userpass credential and provide this to the juju bootstrap command. However, when I try to bootstrap this second controller, I get error:

ERROR authentication failed.: authentication failed
caused by: requesting token failed
caused by: Resource at https://keystone_ip:5000/v3/tokens not found

There are indeed no tokens under above address, but under https://keystone_ip:5000/v3/auth/tokens.

If I use https://keystone_ip:5000/v3/auth/tokens as endpoint in the cloud definition yaml file, I get error:

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth/ not valid

Is there a more standard way to do this ?

Try setting the auth type to userpass only.

I don’t see the domain included in your credential. I believe this is required for V3 keystone

Unfortunately, using userpass alone does not work either. As for the credential, I have not put it up. If you mean the cloud definition in the yaml-snippet listed above, that is inspired from the microstack deployment I have used before, following guidance on this site. Obviously, it is http in that example, but I figured it should work similarly here.

@paulrusu, I’ve found reference to this happening to someone before and it was a config issue. However from the notes, it’s not clear which part of the config caused the problem.

Do your credentials have “domain-name” in them? If so, can you try to bootstrap again with that data removed?

If that does not work, the juju yaml for your credentials would be useful. Not the actual values, but to see what is defined.

I also suggest you use juju add-cloud interactively to create the cloud definition. The way it’s setup right now, will not allow you to bootstrap other regions if that is your wish in the future.

Thanks for the reply. I have tried both. Actually, the other address with /auth attached works, but entails the other error I posted where it mentions a version problem in the identity url. Nonetheless, here is my credential yaml:

auth-type: userpass
username: admin
password: a_very_interesting_one

@paulrusu, can you try sourcing your novarc file, then running juju autoload-credentials? It looks like some data usually used is missing, like project etc. (though we still list tenant in the juju yaml file. :frowning: )

Having done all what you proposed, I still get

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth not valid

@paulrusu, what does the credentials.yaml look like now?

Not to toot my own horn, but have you checked out this post

@hmlanigan I followed your advice and used the interactive methods, so the credential has been obtained by

juju autoload-credentials

@dvnt: Thanks for your remarks. In your video, you bootstrap the controller to a http keystone address, which ends with /v3, so apparently, you did not deploy the openstack/base bundle. A couple of weeks ago, I installed openstack through microstack and had no problems bootstrapping the controller with the keystone ip as endpoint. So this seems to be a charmed openstack specific problem.

Not sure what you mean, but my environment is indeed a charmed Openstack cloud built from the Openstack base bundle.

Like you I struggled with bootstrapping to Openstack for months. I think the biggest hurdle is the credential itself. Download this example credentials file and try add the juju credential that way.
Note that domain-name on line 6 is intentionally an empty value. Make sure your domain name is provided as part of project-domain-name and user-domain-name (lines 8 and 11)

juju add-credential openstackcloudname -f credentials.yml

What I meant was that in your video the keystone ip is not accessed through https and it also does not have the /auth after the version number. In my version, not putting the /auth leads to a “site not found” error. Maybe I just got a strange version ? Have you deployed yours on focal ?

I have now tried everything you two proposed, but nothing worked, still same error. Any other ideas ?