Bootstrap juju controller to openstack/base connected openstack cloud fails with address not found error

hmlanigan · 1 June 2020 19:17

@paulrusu, I’ve found reference to this happening to someone before and it was a config issue. However from the notes, it’s not clear which part of the config caused the problem.

Do your credentials have “domain-name” in them? If so, can you try to bootstrap again with that data removed?

If that does not work, the juju yaml for your credentials would be useful. Not the actual values, but to see what is defined.

I also suggest you use juju add-cloud interactively to create the cloud definition. The way it’s setup right now, will not allow you to bootstrap other regions if that is your wish in the future.

paulrusu · 1 June 2020 19:27

Thanks for the reply. I have tried both. Actually, the other address with /auth attached works, but entails the other error I posted where it mentions a version problem in the identity url. Nonetheless, here is my credential yaml:

credentials:
openstack:
cred:
auth-type: userpass
username: admin
password: a_very_interesting_one

hmlanigan · 1 June 2020 19:36

@paulrusu, can you try sourcing your novarc file, then running juju autoload-credentials? It looks like some data usually used is missing, like project etc. (though we still list tenant in the juju yaml file. )

paulrusu · 1 June 2020 19:52

Having done all what you proposed, I still get

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth not valid

hmlanigan · 1 June 2020 20:37

@paulrusu, what does the credentials.yaml look like now?

dvnt · 2 June 2020 00:59

Not to toot my own horn, but have you checked out this post

paulrusu · 2 June 2020 08:43

@hmlanigan I followed your advice and used the interactive methods, so the credential has been obtained by

juju autoload-credentials

paulrusu · 2 June 2020 09:19

@dvnt: Thanks for your remarks. In your video, you bootstrap the controller to a http keystone address, which ends with /v3, so apparently, you did not deploy the openstack/base bundle. A couple of weeks ago, I installed openstack through microstack and had no problems bootstrapping the controller with the keystone ip as endpoint. So this seems to be a charmed openstack specific problem.

dvnt · 2 June 2020 10:47

Not sure what you mean, but my environment is indeed a charmed Openstack cloud built from the Openstack base bundle.

Like you I struggled with bootstrapping to Openstack for months. I think the biggest hurdle is the credential itself. Download this example credentials file and try add the juju credential that way.
Note that domain-name on line 6 is intentionally an empty value. Make sure your domain name is provided as part of project-domain-name and user-domain-name (lines 8 and 11)

juju add-credential openstackcloudname -f credentials.yml

paulrusu · 2 June 2020 16:25

What I meant was that in your video the keystone ip is not accessed through https and it also does not have the /auth after the version number. In my version, not putting the /auth leads to a “site not found” error. Maybe I just got a strange version ? Have you deployed yours on focal ?

paulrusu · 2 June 2020 18:01

I have now tried everything you two proposed, but nothing worked, still same error. Any other ideas ?

joakimnyman · 23 March 2021 21:08

Was this solved @paulrusu? I have the same problem. I have installed and setup microstack from snap. When I try to bootstrap openstack I get Resource at http://x.x.x.x:5000/v3/tokens not found.

Hybrid512 · 24 March 2021 07:58

I struggled a little too when adding Openstack as a cloud provider for Juju, before that, I created an Openstack project called “kube-test” to deploy a Kubernetes cluster inside this Openstack project.

Here is what I had to do, be cautious about the “domain” part which are empty/filled, this is very important otherwise it won’t work :

$ juju add-credential openstack-cloud

This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (–client)
2. controller “maas-controller” only (–controller maas-controller)
3. both (–client --controller maas-controller)
Enter your choice, or type Q|q to quit: 1

Enter credential name: admin-kube-test
Regions
RegionOne
Select region [any region, credential is not region specific]:

Using auth-type “userpass”.
Enter username: admin
Enter password: < ADMIN PASSWORD >
Enter tenant-name (optional): kube-test
Enter tenant-id (optional): < PROJECT ID >
Enter version (optional): 3
Enter domain-name (optional):
Enter project-domain-name (optional): admin_domain
Enter user-domain-name (optional): admin_domain
Credential “admin-kube-test” added locally for cloud “openstack-cloud”.

joakimnyman · 24 March 2021 19:46

Thanks for fast reply! Thanks to the “domain” part the URL is now correct.

However, I can’t pass the authentication now…

ERROR authentication failed.: authentication failed
caused by: requesting token: Unauthorised URL http://localhost:5000/v3/auth/tokens
caused by: request (http://localhost:5000/v3/auth/tokens) returned unexpected status: 401; error info: Failed: 401 error: The request you have made requires authentication.

I tried your example. Setting up a new project called kube-test and use the admin to bootstrap it.
Any ideas?

UPDATE:
I can get token successfully with curl:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "xxxxxxxxx"
        }
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

Hybrid512 · 25 March 2021 08:53

I edited my post, I didn’t see that trhe editor just blanked my < xxx > lines.
I think you need the project ID.

joakimnyman · 25 March 2021 14:14

I have tried setting project ID as tenant-id with same result…

pmatulis · 25 March 2021 14:49

So you’re using MicroStack and want to back Juju with it right? Lemme try this and I’ll report back.

pmatulis · 25 March 2021 16:19

So for the MicroStack use case I confirmed this bug.

joakimnyman · 26 March 2021 14:17

Yes, correct.

iurii-golikov · 18 July 2021 13:39

@paulrusu
@joakimnyman

Solved, TL;DR: use region name “microstack”.

I faced the same problem and was able to solve it.
At least to the point where I could start provisioning the juju controller, it’s still running, so I can’t confirm that it creates a working controller yet, but at least it didn’t fail at auth stage.

If you’ve used microstack snap to install openstack (like me) and now you want to use juju to bootstrap something (I want to bootstrap kubernetes for example), then you should use region “microstack”.
If you try to use any other region name for juju cloud config, credential config, simplestreams metadata, etc. - it won’t work.
I figured it out by running openstack endpoint list and note the region column.

Here’s what worked for me.

Create juju controller flavour, 4GB, 4 vCPUs:

openstack flavor create juju-controller --ram 4096 --disk 20 --vcpus 4

Download and import Ubuntu Focal Fossa image to Glance:

wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
openstack image create Ubuntu-Focal-Fossa \
  --public \
  --disk-format=qcow2 \
  --container-format=bare \
  --property os_distro='ubuntu' \
  --file=focal-server-cloudimg-amd64.img

export IMAGE=$(openstack image list -f value -c ID --name Ubuntu-Focal-Fossa)

Initialize juju local openstack cloud.
Note the region name below is “microstack”, that’s the key to solution:

source /var/snap/microstack/common/etc/microstack.rc

tee openstack-cloud.yaml > /dev/null << EOL
clouds:
  openstack:
    type: openstack
    auth-types: [userpass]
    regions:
      microstack:
        endpoint: '${OS_AUTH_URL}/v3'
EOL

juju add-cloud --client openstack openstack-cloud.yaml

Add juju credentials to local openstack cloud.
Note once again that the region name below is microstack:

tee openstack-credentials.yaml > /dev/null << EOL
credentials:
  openstack:
    default-region: microstack
    admin:
      auth-type: userpass
      domain-name: ""
      project-domain-name: default
      tenant-id: ""
      tenant-name: admin
      user-domain-name: default
      username: admin
      password: ${OS_PASSWORD}
      version: "3"
EOL

juju add-credential --client openstack -f openstack-credentials.yaml
juju set-default-credential openstack admin

Configure simplestreams and generate juju image metadata files.
And here once again, the region parameter (-r) should be microstack:

mkdir simplestreams
juju metadata generate-image -d ~/simplestreams -i $IMAGE -s focal -r microstack -u ${OS_AUTH_URL}/v3

Initialize the juju controller.
Important note here is to define use-floating-ip=true, otherwise juju won’t be able to connect to your VM in private network.

juju bootstrap --debug \
    --config network=private \
    --config external-network=public \
    --config use-floating-ip=true \
    --config use-default-secgroup=true \
    --bootstrap-series=focal \
    --bootstrap-constraints instance-type=juju-controller \
    --metadata-source $HOME/simplestreams/ \
    openstack openstack

I hope that helps!

By the way I’m creating a fully automatic single script solution for home lab single node kubernetes cluster on ubuntu microstack: https://gist.github.com/meetmatt/da9e7364dec04a43465e20c430fb58df
Will publish part 2 with the actual juju k8s provisioning soon, stay tuned.

Best regards,
Iurii