I want to add deployed openstack-base to juju ,but fail

Hi,everyone!

I want to add deployed openstack-base-73 to juju fellow OpenStack ,but fail.

juju add-model k8s openstack-cloud ERROR failed to open environ: authentication failed.: authentication failed caused by: requesting token failed caused by: failed executing the request https://10.0.0.188:5000/v3/tokens caused by: Post “https://10.0.0.188:5000/v3/tokens”: x509: certificate signed by unknown authority

This is the paste here.

What may cause it happen? Thank you!

What does does the output of juju show-credentials --show-secrets openstack-cloud openstack-juju-cre look like - please xxxx the private pieces. I’m interested in which keys are set.

Which env var are set in your novarc/openstackrc files?

Hi,@ hmlaniganHeather LaniganJuju Developer,thank you for your response.

novarc is a copy of openrc from bundle openstack-base-73 and paste here.

The credential openstack-juju-cre was created in this page ,

keys is set as this:

Thank you again.

It’s not clear to me whether you even have a controller created. I see evidence of juju add-cloud, juju add-credential, and juju add-model but not juju bootstrap.

Hi@ pmatulis! Thank you for your response.

I read and fellow the document OpenStack again, and change the date of credential , it is still fail,but now beacuase :

ERROR juju.cmd.juju.commands bootstrap.go:883 failed to bootstrap model: cannot start bootstrap instance: no metadata for “focal” images in RegionOne with arches [amd64]

The paste is here

Thank you again.

I found by using the glance simple streams sync charm on the Openstack model it made that particular problem go away.

When simple streams downloads from cloud-images.ubuntu.com it adds some helpful meta data to each image.

The juju bootstrap process looks for that extra metadata so that it knows which image is bionic vs focal.

Hi @ dvnt.,@ pmatulis, hmlanigan,Thank you.

I have deployen matedata manually ,and add a new instance in openstack constraints "“mem=3584M”,now the error is:

ERROR juju.cmd.juju.commands bootstrap.go:883 failed to bootstrap model: cannot start bootstrap instance: cannot set up groups: failed to create a security group with name: juju-2d62d080-c9ce-4172-8c3f-3189afa2443a-f25b5951-d203-4921-8a50-da61108d3916

The log is pasted here.

Thank you again!

Appears this bug still exists.

In another post, the user was able to juju add-credential using a yaml instead of interactively.

The solution was to remove the ‘domain-name’ field is set in credentials.yaml

I’ve seen this before, I thought this bug had been squashed

Hi @ dvnt. Thank you.

I remove domain-name as your said.

but now there is a new error:

DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/detail
07:30:07 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/5f291cbd-fb24-4919-8274-09e54987ee8a
07:30:07 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/detail
07:30:17 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/5f291cbd-fb24-4919-8274-09e54987ee8a
07:30:17 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/detail
07:30:27 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/5f291cbd-fb24-4919-8274-09e54987ee8a
07:30:27 DEBUG goose logger.go:44 TRACE: MakeServiceURL: https://10.0.0.195:8774/v2.1/servers/detail
07:30:34 ERROR juju.cmd.juju.commands bootstrap.go:883 failed to bootstrap model: cancelled
07:30:34 DEBUG juju.cmd.juju.commands bootstrap.go:884 (error details: [{/build/snapcraft-juju-35d6cf/parts/juju/src/cmd/juju/commands/bootstrap.go:983: failed to bootstrap model} {/build/snapcraft-juju-35d6cf/parts/juju/src/environs/bootstrap/bootstrap.go:681: } {/build/snapcraft-juju-35d6cf/parts/juju/src/environs/bootstrap/bootstrap.go:646: } {/build/snapcraft-juju-35d6cf/parts/juju/src/environs/bootstrap/bootstrap.go:59: cancelled}])

The paste is here. thank you again.

07:29:45 DEBUG juju.provider.common bootstrap.go:628 connection attempt for 172.16.16.242 failed: ssh: connect to host 172.16.16.242 port 22: Connection timed out

I’m assuming 172.16.16.242 is the private IP address of the instance being spawned in Openstack

On your bootstrap command, try passing in a config flag of

--config use-floating-ip=true

It should end up looking like

juju bootstrap openstack-cloud --metadata-source /root/simplestreams --config use-floating-ip=true`
 --debug

Hi!@ dvnt ,Thank you!

As your said , I bootstrap :slight_smile:

juju bootstrap openstack-cloud --metadata-source /root/simplestreams --config use-floating-ip=true --debug

But now error is:

2021-11-03 01:55:02 DEBUG juju.cmd.jujud main.go:292 jujud complete, code 0, err <nil>
09:55:02 ERROR juju.cmd.juju.commands bootstrap.go:883 failed to bootstrap model: subprocess encountered error code 1
09:55:02 DEBUG juju.cmd.juju.commands bootstrap.go:884 (error details: [{/build/snapcraft-juju-35d6cf/parts/juju/src/cmd/juju/commands/bootstrap.go:983: failed to bootstrap model} {/build/snapcraft-juju-35d6cf/parts/juju/src/environs/bootstrap/bootstrap.go:681: } {/build/snapcraft-juju-35d6cf/parts/juju/src/environs/bootstrap/bootstrap.go:646: } {subprocess encountered error code 1}])
09:55:02 DEBUG juju.cmd.juju.commands bootstrap.go:1634 cleaning up after failed bootstrap
09:55:02 INFO  juju.provider.common destroy.go:21 destroying model "controller"
09:55:02 INFO  juju.provider.common destroy.go:32 destroying instances

This is the paste. Thank you a gain.

caused by: Post “https://10.0.0.194:5000/v3/auth/tokens”: dial tcp 10.0.0.194:5000: i/o timeout

It looks like the bootstrapped instance is trying to call back to the keystone API, but can’t.

Currently instances inside of Openstack with public IP addresses don’t have a valid route back the Openstack keystone API.

You may need to review the routing logic (or firewall policy ) of your external provider bridge network in Openstack.

May it is bootstraping instance without key pairs.

It should be okay. The bootstrap process injects the juju key (usually found at ~/.local/share/juju/ssh ) into the instance using the instance userdata

Once the controller is up you can always add more ssh keys with

juju add-ssh-key "*my-public-key-paterial*"

Maybe it is not work because I can’t ping vm.

The openstack compents and nodes are in 10.0.0.0/20; Vms now is in 10.0.9.0/20,

but they can’t ping each other.

They only ping external floating ip ecah other.

Hi@ dvnt.

It worked.

I changed the network into sigle ethernet interface machines ,and redeployed openstack-base-78.

And repeat the above steps ,and it worked:

12:39:04 INFO  cmd controller.go:104
Bootstrap complete, controller "openstack-cloud-regionone" is now available
Controller machines are in the "controller" model
12:39:04 INFO  cmd bootstrap.go:595 Initial model "default" added
12:39:04 INFO  cmd supercommand.go:544 command finished



root@vivodo-3:~/simplestreams#
root@vivodo-3:~/simplestreams# juju status
Model    Controller                 Cloud/Region               Version  SLA          Timestamp
default  openstack-cloud-regionone  openstack-cloud/RegionOne  2.9.18   unsupported  12:39:18+08:00

Model "admin/default" is empty.

Thank you again.