Bootstrap juju controller to openstack/base connected openstack cloud fails with address not found error

In order to use the openstack/base environment I obtained through following this tutorial on a maas cloud to deploy charmed-kubernetes, I am trying to set up another cloud with juju using as endpoint the keystone ip :
type: openstack
auth-types: [access-key,userpass]
endpoint: https://keystone_ip:5000/v3

I created a userpass credential and provide this to the juju bootstrap command. However, when I try to bootstrap this second controller, I get error:

ERROR authentication failed.: authentication failed
caused by: requesting token failed
caused by: Resource at https://keystone_ip:5000/v3/tokens not found

There are indeed no tokens under above address, but under https://keystone_ip:5000/v3/auth/tokens.

If I use https://keystone_ip:5000/v3/auth/tokens as endpoint in the cloud definition yaml file, I get error:

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth/ not valid

Is there a more standard way to do this ?

Try setting the auth type to userpass only.

I don’t see the domain included in your credential. I believe this is required for V3 keystone

Unfortunately, using userpass alone does not work either. As for the credential, I have not put it up. If you mean the cloud definition in the yaml-snippet listed above, that is inspired from the microstack deployment I have used before, following guidance on this site. Obviously, it is http in that example, but I figured it should work similarly here.

@paulrusu, I’ve found reference to this happening to someone before and it was a config issue. However from the notes, it’s not clear which part of the config caused the problem.

Do your credentials have “domain-name” in them? If so, can you try to bootstrap again with that data removed?

If that does not work, the juju yaml for your credentials would be useful. Not the actual values, but to see what is defined.

I also suggest you use juju add-cloud interactively to create the cloud definition. The way it’s setup right now, will not allow you to bootstrap other regions if that is your wish in the future.

Thanks for the reply. I have tried both. Actually, the other address with /auth attached works, but entails the other error I posted where it mentions a version problem in the identity url. Nonetheless, here is my credential yaml:

auth-type: userpass
username: admin
password: a_very_interesting_one

@paulrusu, can you try sourcing your novarc file, then running juju autoload-credentials? It looks like some data usually used is missing, like project etc. (though we still list tenant in the juju yaml file. :frowning: )

Having done all what you proposed, I still get

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth not valid

@paulrusu, what does the credentials.yaml look like now?

Not to toot my own horn, but have you checked out this post

@hmlanigan I followed your advice and used the interactive methods, so the credential has been obtained by

juju autoload-credentials

@dvnt: Thanks for your remarks. In your video, you bootstrap the controller to a http keystone address, which ends with /v3, so apparently, you did not deploy the openstack/base bundle. A couple of weeks ago, I installed openstack through microstack and had no problems bootstrapping the controller with the keystone ip as endpoint. So this seems to be a charmed openstack specific problem.

Not sure what you mean, but my environment is indeed a charmed Openstack cloud built from the Openstack base bundle.

Like you I struggled with bootstrapping to Openstack for months. I think the biggest hurdle is the credential itself. Download this example credentials file and try add the juju credential that way.
Note that domain-name on line 6 is intentionally an empty value. Make sure your domain name is provided as part of project-domain-name and user-domain-name (lines 8 and 11)

juju add-credential openstackcloudname -f credentials.yml

What I meant was that in your video the keystone ip is not accessed through https and it also does not have the /auth after the version number. In my version, not putting the /auth leads to a “site not found” error. Maybe I just got a strange version ? Have you deployed yours on focal ?

I have now tried everything you two proposed, but nothing worked, still same error. Any other ideas ?

Was this solved @paulrusu? I have the same problem. I have installed and setup microstack from snap. When I try to bootstrap openstack I get Resource at http://x.x.x.x:5000/v3/tokens not found.

1 Like

I struggled a little too when adding Openstack as a cloud provider for Juju, before that, I created an Openstack project called “kube-test” to deploy a Kubernetes cluster inside this Openstack project.

Here is what I had to do, be cautious about the “domain” part which are empty/filled, this is very important otherwise it won’t work :

$ juju add-credential openstack-cloud

This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (–client)
2. controller “maas-controller” only (–controller maas-controller)
3. both (–client --controller maas-controller)
Enter your choice, or type Q|q to quit: 1

Enter credential name: admin-kube-test
Select region [any region, credential is not region specific]:

Using auth-type “userpass”.
Enter username: admin
Enter password: < ADMIN PASSWORD >
Enter tenant-name (optional): kube-test
Enter tenant-id (optional): < PROJECT ID >
Enter version (optional): 3
Enter domain-name (optional):
Enter project-domain-name (optional): admin_domain
Enter user-domain-name (optional): admin_domain
Credential “admin-kube-test” added locally for cloud “openstack-cloud”.


Thanks for fast reply! Thanks to the “domain” part the URL is now correct.

However, I can’t pass the authentication now…

ERROR authentication failed.: authentication failed
caused by: requesting token: Unauthorised URL http://localhost:5000/v3/auth/tokens
caused by: request (http://localhost:5000/v3/auth/tokens) returned unexpected status: 401; error info: Failed: 401 error: The request you have made requires authentication.

I tried your example. Setting up a new project called kube-test and use the admin to bootstrap it.
Any ideas?

I can get token successfully with curl:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "xxxxxxxxx"
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

I edited my post, I didn’t see that trhe editor just blanked my < xxx > lines.
I think you need the project ID.

I have tried setting project ID as tenant-id with same result…

So you’re using MicroStack and want to back Juju with it right? Lemme try this and I’ll report back.