Bootstrap juju controller to openstack/base connected openstack cloud fails with address not found error

paulrusu · 31 May 2020 17:29

In order to use the openstack/base environment I obtained through following this tutorial on a maas cloud to deploy charmed-kubernetes, I am trying to set up another cloud with juju using as endpoint the keystone ip :
clouds:
openstack:
type: openstack
auth-types: [access-key,userpass]
regions:
openstack:
endpoint: https://keystone_ip:5000/v3

I created a userpass credential and provide this to the juju bootstrap command. However, when I try to bootstrap this second controller, I get error:

ERROR authentication failed.: authentication failed
caused by: requesting token failed
caused by: Resource at https://keystone_ip:5000/v3/tokens not found

There are indeed no tokens under above address, but under https://keystone_ip:5000/v3/auth/tokens.

If I use https://keystone_ip:5000/v3/auth/tokens as endpoint in the cloud definition yaml file, I get error:

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth/ not valid

Is there a more standard way to do this ?

dvnt · 31 May 2020 22:40

Try setting the auth type to userpass only.

I don’t see the domain included in your credential. I believe this is required for V3 keystone

paulrusu · 1 June 2020 10:16

Unfortunately, using userpass alone does not work either. As for the credential, I have not put it up. If you mean the cloud definition in the yaml-snippet listed above, that is inspired from the microstack deployment I have used before, following guidance on this site. Obviously, it is http in that example, but I figured it should work similarly here.

hmlanigan · 1 June 2020 19:17

@paulrusu, I’ve found reference to this happening to someone before and it was a config issue. However from the notes, it’s not clear which part of the config caused the problem.

Do your credentials have “domain-name” in them? If so, can you try to bootstrap again with that data removed?

If that does not work, the juju yaml for your credentials would be useful. Not the actual values, but to see what is defined.

I also suggest you use juju add-cloud interactively to create the cloud definition. The way it’s setup right now, will not allow you to bootstrap other regions if that is your wish in the future.

paulrusu · 1 June 2020 19:27

Thanks for the reply. I have tried both. Actually, the other address with /auth attached works, but entails the other error I posted where it mentions a version problem in the identity url. Nonetheless, here is my credential yaml:

credentials:
openstack:
cred:
auth-type: userpass
username: admin
password: a_very_interesting_one

hmlanigan · 1 June 2020 19:36

@paulrusu, can you try sourcing your novarc file, then running juju autoload-credentials? It looks like some data usually used is missing, like project etc. (though we still list tenant in the juju yaml file. )

paulrusu · 1 June 2020 19:52

Having done all what you proposed, I still get

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth not valid

hmlanigan · 1 June 2020 20:37

@paulrusu, what does the credentials.yaml look like now?

dvnt · 2 June 2020 00:59

Not to toot my own horn, but have you checked out this post

paulrusu · 2 June 2020 08:43

@hmlanigan I followed your advice and used the interactive methods, so the credential has been obtained by

juju autoload-credentials

paulrusu · 2 June 2020 09:19

@dvnt: Thanks for your remarks. In your video, you bootstrap the controller to a http keystone address, which ends with /v3, so apparently, you did not deploy the openstack/base bundle. A couple of weeks ago, I installed openstack through microstack and had no problems bootstrapping the controller with the keystone ip as endpoint. So this seems to be a charmed openstack specific problem.

dvnt · 2 June 2020 10:47

Not sure what you mean, but my environment is indeed a charmed Openstack cloud built from the Openstack base bundle.

Like you I struggled with bootstrapping to Openstack for months. I think the biggest hurdle is the credential itself. Download this example credentials file and try add the juju credential that way.
Note that domain-name on line 6 is intentionally an empty value. Make sure your domain name is provided as part of project-domain-name and user-domain-name (lines 8 and 11)

juju add-credential openstackcloudname -f credentials.yml

paulrusu · 2 June 2020 16:25

What I meant was that in your video the keystone ip is not accessed through https and it also does not have the /auth after the version number. In my version, not putting the /auth leads to a “site not found” error. Maybe I just got a strange version ? Have you deployed yours on focal ?

paulrusu · 2 June 2020 18:01

I have now tried everything you two proposed, but nothing worked, still same error. Any other ideas ?

joakimnyman · 23 March 2021 21:08

Was this solved @paulrusu? I have the same problem. I have installed and setup microstack from snap. When I try to bootstrap openstack I get Resource at http://x.x.x.x:5000/v3/tokens not found.

Hybrid512 · 24 March 2021 07:58

I struggled a little too when adding Openstack as a cloud provider for Juju, before that, I created an Openstack project called “kube-test” to deploy a Kubernetes cluster inside this Openstack project.

Here is what I had to do, be cautious about the “domain” part which are empty/filled, this is very important otherwise it won’t work :

$ juju add-credential openstack-cloud

This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (–client)
2. controller “maas-controller” only (–controller maas-controller)
3. both (–client --controller maas-controller)
Enter your choice, or type Q|q to quit: 1

Enter credential name: admin-kube-test
Regions
RegionOne
Select region [any region, credential is not region specific]:

Using auth-type “userpass”.
Enter username: admin
Enter password: < ADMIN PASSWORD >
Enter tenant-name (optional): kube-test
Enter tenant-id (optional): < PROJECT ID >
Enter version (optional): 3
Enter domain-name (optional):
Enter project-domain-name (optional): admin_domain
Enter user-domain-name (optional): admin_domain
Credential “admin-kube-test” added locally for cloud “openstack-cloud”.

joakimnyman · 24 March 2021 19:46

Thanks for fast reply! Thanks to the “domain” part the URL is now correct.

However, I can’t pass the authentication now…

ERROR authentication failed.: authentication failed
caused by: requesting token: Unauthorised URL http://localhost:5000/v3/auth/tokens
caused by: request (http://localhost:5000/v3/auth/tokens) returned unexpected status: 401; error info: Failed: 401 error: The request you have made requires authentication.

I tried your example. Setting up a new project called kube-test and use the admin to bootstrap it.
Any ideas?

UPDATE:
I can get token successfully with curl:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "xxxxxxxxx"
        }
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

Hybrid512 · 25 March 2021 08:53

I edited my post, I didn’t see that trhe editor just blanked my < xxx > lines.
I think you need the project ID.

joakimnyman · 25 March 2021 14:14

I have tried setting project ID as tenant-id with same result…

pmatulis · 25 March 2021 14:49

So you’re using MicroStack and want to back Juju with it right? Lemme try this and I’ll report back.