Bootstrap juju controller to openstack/base connected openstack cloud fails with address not found error

@paulrusu, I’ve found reference to this happening to someone before and it was a config issue. However from the notes, it’s not clear which part of the config caused the problem.

Do your credentials have “domain-name” in them? If so, can you try to bootstrap again with that data removed?

If that does not work, the juju yaml for your credentials would be useful. Not the actual values, but to see what is defined.

I also suggest you use juju add-cloud interactively to create the cloud definition. The way it’s setup right now, will not allow you to bootstrap other regions if that is your wish in the future.

Thanks for the reply. I have tried both. Actually, the other address with /auth attached works, but entails the other error I posted where it mentions a version problem in the identity url. Nonetheless, here is my credential yaml:

credentials:
openstack:
cred:
auth-type: userpass
username: admin
password: a_very_interesting_one

@paulrusu, can you try sourcing your novarc file, then running juju autoload-credentials? It looks like some data usually used is missing, like project etc. (though we still list tenant in the juju yaml file. :frowning: )

Having done all what you proposed, I still get

ERROR cannot set config: cannot create a client: version part of identity url https://keystone_ip:5000/v3/auth not valid

@paulrusu, what does the credentials.yaml look like now?

Not to toot my own horn, but have you checked out this post

@hmlanigan I followed your advice and used the interactive methods, so the credential has been obtained by

juju autoload-credentials

@dvnt: Thanks for your remarks. In your video, you bootstrap the controller to a http keystone address, which ends with /v3, so apparently, you did not deploy the openstack/base bundle. A couple of weeks ago, I installed openstack through microstack and had no problems bootstrapping the controller with the keystone ip as endpoint. So this seems to be a charmed openstack specific problem.

Not sure what you mean, but my environment is indeed a charmed Openstack cloud built from the Openstack base bundle.

Like you I struggled with bootstrapping to Openstack for months. I think the biggest hurdle is the credential itself. Download this example credentials file and try add the juju credential that way.
Note that domain-name on line 6 is intentionally an empty value. Make sure your domain name is provided as part of project-domain-name and user-domain-name (lines 8 and 11)

juju add-credential openstackcloudname -f credentials.yml

What I meant was that in your video the keystone ip is not accessed through https and it also does not have the /auth after the version number. In my version, not putting the /auth leads to a “site not found” error. Maybe I just got a strange version ? Have you deployed yours on focal ?

I have now tried everything you two proposed, but nothing worked, still same error. Any other ideas ?

Was this solved @paulrusu? I have the same problem. I have installed and setup microstack from snap. When I try to bootstrap openstack I get Resource at http://x.x.x.x:5000/v3/tokens not found.

1 Like

I struggled a little too when adding Openstack as a cloud provider for Juju, before that, I created an Openstack project called “kube-test” to deploy a Kubernetes cluster inside this Openstack project.

Here is what I had to do, be cautious about the “domain” part which are empty/filled, this is very important otherwise it won’t work :

$ juju add-credential openstack-cloud

This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (–client)
2. controller “maas-controller” only (–controller maas-controller)
3. both (–client --controller maas-controller)
Enter your choice, or type Q|q to quit: 1

Enter credential name: admin-kube-test
Regions
RegionOne
Select region [any region, credential is not region specific]:

Using auth-type “userpass”.
Enter username: admin
Enter password: < ADMIN PASSWORD >
Enter tenant-name (optional): kube-test
Enter tenant-id (optional): < PROJECT ID >
Enter version (optional): 3
Enter domain-name (optional):
Enter project-domain-name (optional): admin_domain
Enter user-domain-name (optional): admin_domain
Credential “admin-kube-test” added locally for cloud “openstack-cloud”.

2 Likes

Thanks for fast reply! Thanks to the “domain” part the URL is now correct.

However, I can’t pass the authentication now…

ERROR authentication failed.: authentication failed
caused by: requesting token: Unauthorised URL http://localhost:5000/v3/auth/tokens
caused by: request (http://localhost:5000/v3/auth/tokens) returned unexpected status: 401; error info: Failed: 401 error: The request you have made requires authentication.

I tried your example. Setting up a new project called kube-test and use the admin to bootstrap it.
Any ideas?

UPDATE:
I can get token successfully with curl:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "xxxxxxxxx"
        }
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

I edited my post, I didn’t see that trhe editor just blanked my < xxx > lines.
I think you need the project ID.

I have tried setting project ID as tenant-id with same result…

So you’re using MicroStack and want to back Juju with it right? Lemme try this and I’ll report back.

So for the MicroStack use case I confirmed this bug.

Yes, correct.

@paulrusu
@joakimnyman

Solved, TL;DR: use region name “microstack”.

I faced the same problem and was able to solve it.
At least to the point where I could start provisioning the juju controller, it’s still running, so I can’t confirm that it creates a working controller yet, but at least it didn’t fail at auth stage.

If you’ve used microstack snap to install openstack (like me) and now you want to use juju to bootstrap something (I want to bootstrap kubernetes for example), then you should use region “microstack”.
If you try to use any other region name for juju cloud config, credential config, simplestreams metadata, etc. - it won’t work.
I figured it out by running openstack endpoint list and note the region column.

Here’s what worked for me.

Create juju controller flavour, 4GB, 4 vCPUs:

openstack flavor create juju-controller --ram 4096 --disk 20 --vcpus 4

Download and import Ubuntu Focal Fossa image to Glance:

wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
openstack image create Ubuntu-Focal-Fossa \
  --public \
  --disk-format=qcow2 \
  --container-format=bare \
  --property os_distro='ubuntu' \
  --file=focal-server-cloudimg-amd64.img

export IMAGE=$(openstack image list -f value -c ID --name Ubuntu-Focal-Fossa)

Initialize juju local openstack cloud.
Note the region name below is “microstack”, that’s the key to solution:

source /var/snap/microstack/common/etc/microstack.rc

tee openstack-cloud.yaml > /dev/null << EOL
clouds:
  openstack:
    type: openstack
    auth-types: [userpass]
    regions:
      microstack:
        endpoint: '${OS_AUTH_URL}/v3'
EOL

juju add-cloud --client openstack openstack-cloud.yaml

Add juju credentials to local openstack cloud.
Note once again that the region name below is microstack:

tee openstack-credentials.yaml > /dev/null << EOL
credentials:
  openstack:
    default-region: microstack
    admin:
      auth-type: userpass
      domain-name: ""
      project-domain-name: default
      tenant-id: ""
      tenant-name: admin
      user-domain-name: default
      username: admin
      password: ${OS_PASSWORD}
      version: "3"
EOL

juju add-credential --client openstack -f openstack-credentials.yaml
juju set-default-credential openstack admin

Configure simplestreams and generate juju image metadata files.
And here once again, the region parameter (-r) should be microstack:

mkdir simplestreams
juju metadata generate-image -d ~/simplestreams -i $IMAGE -s focal -r microstack -u ${OS_AUTH_URL}/v3

Initialize the juju controller.
Important note here is to define use-floating-ip=true, otherwise juju won’t be able to connect to your VM in private network.

juju bootstrap --debug \
    --config network=private \
    --config external-network=public \
    --config use-floating-ip=true \
    --config use-default-secgroup=true \
    --bootstrap-series=focal \
    --bootstrap-constraints instance-type=juju-controller \
    --metadata-source $HOME/simplestreams/ \
    openstack openstack

I hope that helps!

By the way I’m creating a fully automatic single script solution for home lab single node kubernetes cluster on ubuntu microstack: https://gist.github.com/meetmatt/da9e7364dec04a43465e20c430fb58df
Will publish part 2 with the actual juju k8s provisioning soon, stay tuned.

Best regards,
Iurii