Can't validate keystone endpoint when I trying to define an OpenStack cloud for juju

sofrone7 · 8 June 2022 11:26

I am trying to define an OpenStack cloud for juju. To do this, I have first deployed Devstack using the following configuration in the local.conf file:

$ cat local.conf | grep -v "#" | grep -v "^$"
[[local|localrc]]
ADMIN_PASSWORD=admin
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=172.29.21.181
FLOATING_RANGE=172.29.20.1/22
Q_FLOATING_ALLOCATION_POOL=start=172.29.21.182,end=172.29.21.184
PUBLIC_NETWORK_GATEWAY=172.29.21.181
ENABLED_SERVICES+=,tls-proxy
ENABLED_SERVICES+=,g-api,g-reg
LOGFILE=$DEST/logs/stack.sh.log
LOGDAYS=2
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
SWIFT_REPLICAS=1
SWIFT_DATA_DIR=$DEST/data

After a successful deployment, these are the endpoints:

$ openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| ID                               | Region    | Service Name | Service Type   | Enabled | Interface | URL                                             |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| 0b489b8a683d4be489448230437e39ca | RegionOne | cinder       | block-storage  | True    | public    | https://172.29.21.181/volume/v3/$(project_id)s  |
| 0b9e96cfe0b440b781171ac0b082de3a | RegionOne | keystone     | identity       | True    | admin     | https://172.29.21.181/identity                  |
| 29ce5b2061dd474492f3aebda164acd0 | RegionOne | cinderv2     | volumev2       | True    | public    | https://172.29.21.181/volume/v2/$(project_id)s  |
| 45e10e75eb6848f5a934674373962e11 | RegionOne | glance       | image          | True    | public    | https://172.29.21.181/image                     |
| 8c35460b8c0d4c21ac9b7dd27bc92c48 | RegionOne | keystone     | identity       | True    | public    | https://172.29.21.181/identity                  |
| af451150c3094497936fd6877380d877 | RegionOne | placement    | placement      | True    | public    | https://172.29.21.181/placement                 |
| b3907f627f684ada8526b89c2c9683f9 | RegionOne | neutron      | network        | True    | public    | https://172.29.21.181:9696/                     |
| c642b07700b54be39e1dd537e8c0f8be | RegionOne | nova         | compute        | True    | public    | https://172.29.21.181/compute/v2.1              |
| dbb94215bc89457383a390a0490a89f6 | RegionOne | nova_legacy  | compute_legacy | True    | public    | https://172.29.21.181/compute/v2/$(project_id)s |
| e1037ed336d541b080e365caa0020e78 | RegionOne | cinderv3     | volumev3       | True    | public    | https://172.29.21.181/volume/v3/$(project_id)s  |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+

But when I try to add the cloud to juju using the “juju add-cloud” command (I am following the indications of this link: https://juju.is/docs/olm/openstack) I get the following error:

$ juju add-cloud openstack
This operation can be applied to both a copy on this client and to the one on a controller.
No current controller was detected and there are no registered controllers on this client: either bootstrap one or register one.
Cloud Types
  lxd
  maas
  manual
  openstack
  vsphere

Select cloud type: openstack

Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181/identity
Can't validate endpoint: No Openstack server running at https://172.29.21.181/identity

Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181/identity/v3
Can't validate endpoint: No Openstack server running at https://172.29.21.181/identity/v3

Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: http://172.29.21.181/identity
Can't validate endpoint: No Openstack server running at http://172.29.21.181/identity

Enter the API endpoint url for the cloud [https://172.29.21.181/identity]: https://172.29.21.181:5000/v3
Can't validate endpoint: No Openstack server running at https://172.29.21.181:5000/v3

I can curl the url:

$ curl https://172.29.21.181/identity
{"versions": {"values": [{"id": "v3.14", "status": "stable", "updated": "2020-04-07T00:00:00Z", "links": [{"rel": "self", "href": "https://172.29.21.181/identity/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}]}}

And I can connect to the port where Keystone is listening:

$ nc -vz 172.29.21.181 5000
Connection to 172.29.21.181 5000 port [tcp/*] succeeded!

I set no_proxy=127.0.0.1,localhost,172.29.21.181 and NO_PROXY=127.0.0.1,localhost,172.29.21.181 as environment variables, because searching for solutions on the Internet I understood that maybe it could solve my problem. But it didn’t work. Apart from this cloud I have another one deployed through Openstack-Ansible. In this cloud I have not encountered this error, the only difference I see is that the url is https://{HOST_IP}:5000/v3. If anyone has any ideas it would be very helpful, thank you.

hmlanigan · 8 June 2022 14:41

Try sourcing your novarc file, then run add-cloud. It will pick up suggested values from your local environment.

sofrone7 · 8 June 2022 15:16

Thanks for your response! I already did that before running the “juju add-cloud” command. As you can see, juju identifies a default value for the endpoint. If I use all the suggested values, I get a similar error when I run the “juju bootstrap” command:

$ juju add-cloud openstack
This operation can be applied to both a copy on this client and to the one on a controller.
No current controller was detected and there are no registered controllers on this client: either bootstrap one or register one.
Cloud Types
  lxd
  maas
  manual
  openstack
  vsphere

Select cloud type: openstack

Enter the API endpoint url for the cloud [https://172.29.21.181/identity]:

Enter a path to the CA certificate for your cloud if one is required to access it. (optional) [/opt/stack/data/CA/int-ca/ca-chain.pem]:

Auth Types
  access-key
  userpass

Select one or more auth types separated by commas: userpass

Enter region [RegionOne]:

Enter the API endpoint url for the region [use cloud api url]:

Enter another region? (y/N): n

Successfully read CA Certificate from /opt/stack/data/CA/int-ca/ca-chain.pem
Cloud "openstack" successfully added to your local client.
You will need to add a credential for this cloud (`juju add-credential openstack`)
before you can use it to bootstrap a controller (`juju bootstrap openstack`) or
to create a model (`juju add-model <your model name> openstack`).

juju bootstrap error:

$ juju bootstrap openstack
ERROR cannot set config: cannot create a client: version part of identity url https://172.29.21.181/identity not valid

hmlanigan · 8 June 2022 16:10

hmmm… which release of openstack is being used here? looks like we’re having issues with openstack endpoint parsing with a different openstack setup than we expect.

please file a bug

sofrone7 · 8 June 2022 16:36

I am supposed to have deployed the latest version as I have used the master branch of the devstack repository. If I run the command “nova-manage --version” I get as result version 22.4.1

How can I file a bug? (Sorry, I’m new to this)

sofrone7 · 8 June 2022 16:46

Okay, my mistake. I’m sure it’s Victoria, because of the error I’ve been deploying other versions and I wasn’t sure which one was this one.

sofrone7 · 9 June 2022 10:37

I have found a way to bypass this error, but I don’t know exactly why. I have modified the OS_AUTH_URL environment variable to end in “/v3”:

$ unset OS_AUTH_URL
$ export OS_AUTH_URL=https://172.29.21.181/identity/v3

Now, after using it as suggested value when running “juju add-cloud”, I don’t get the error when running “juju bootstrap”. I guess when you enter the url manually, juju checks the validity of it and fails for some code reason maybe. Having skipped that check, I guess the “juju bootstrap” command will directly use the url ending in “/v3” which is correct and works.

Now I get the following error:

$ juju bootstrap openstack --verbose
Adding contents of "/opt/stack/.local/share/juju/ssh/juju_id_rsa.pub" to authorized-keys
Creating Juju controller "openstack-regionone" on openstack/RegionOne
Loading image metadata
ERROR failed to bootstrap model: no image metadata found

But I guess I just have to add Swift to my deployment and follow the instructions in this link: Juju | How to configure your OpenStack cloud image metadata

hmlanigan · 9 June 2022 13:15

There is also a way to keep the image data local - you don’t strictly need swift. It’s described in the link you’ve listed.

After that you can do juju metadata add-image as well.

Check out juju show-cloud openstack --include-config output as well. It’ll have a list of openstack specific config values you may need to bootstrap. Especially look at the network ones if you have more than one internal and external network defined for the project.

juju bugs are here: Bugs : juju, there is a link to report a bug on the right side.