On 01/04/2016 03:07 PM, Russell Cecala wrote:
Thank you for the reply Rich,
Here are the versions of my puppet modules:
[root@ost-puppet-centos-001 keystone]# puppet module list
/etc/puppetlabs/puppet/environments/production/modules
├── nanliu-staging (v1.0.3)
├── openstack-keystone (v6.1.0)
├── openstack-openstacklib (v6.1.0)
├── puppetlabs-apache (v1.7.0)
├── puppetlabs-apt (v1.8.0)
├── puppetlabs-concat (v1.2.4)
├── puppetlabs-firewall (v1.7.1)
├── puppetlabs-inifile (v1.4.2)
├── puppetlabs-mysql (v3.6.1)
├── puppetlabs-postgresql (v3.4.2)
├── puppetlabs-rabbitmq (v5.3.1)
└── puppetlabs-stdlib (v4.9.0)
/etc/puppetlabs/puppet/modules
├── cisco-gis-openstack (???)
├── haproxy (???)
├── keepalived (???)
├── mikduart-unnamed (v0.1.0)
├── mikduart-unnamed (v0.1.0)
├── mikduart-unnamed (v0.1.0)
├── puppetlabs-mongodb (v0.10.0)
├── saz-memcached (v2.4.0)
├── setup_mariadb_script (???)
├── sysctl (???)
└── wrapmongodb (???)
/opt/puppet/share/puppet/modules
├── puppetlabs-pe_accounts (v2.0.2-8-g8acc04e)
├── puppetlabs-pe_concat (v1.1.2-4-g2b7bba2)
├── puppetlabs-pe_console_prune (v0.1.1-4-g293f45b)
├── puppetlabs-pe_inifile (v1.1.4-16-gcb39966)
├── puppetlabs-pe_java_ks (v1.2.4-35-g44fbb26)
├── puppetlabs-pe_postgresql (v3.4.4-15-g32e56ed)
├── puppetlabs-pe_razor (v0.2.1-9-g8d78ec2)
├── puppetlabs-pe_repo (v0.7.7-59-g4514315)
├── puppetlabs-pe_staging (v0.3.3-6-gbd9db2b)
└── puppetlabs-puppet_enterprise (v3.7.1-117-g9c48e73)
I am not sure I have the right values in my openrc but I have been using:
# cat openrc.localhost
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
export OS_PASSWORD=xxxxxxxxxxxxxxxx
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
Is this sourced into the environment where puppet is running? It should
not be.
I believe this is the openstackclient version I am using:
[root@ost-mgmt-centos-001 ~]# rpm -qa | grep openstackclient
python-*openstackclient*-1.0.3-2.el7.noarch
On Mon, Jan 4, 2016 at 1:19 PM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
On 01/04/2016 02:06 PM, Russell Cecala wrote:
Hi Emilien,
I am trying to use https://github.com/openstack/puppet-keystone
to set up a Kilo keystone node.
I'm assuming you're using the kilo branch there?
I was hoping to could help me out so I can get my team to adopt
puppet for setting up OpenStack.
On my keystone node I am running centos7 with selinux disabled ...
What version of openstackclient are you using?
Do you have a $HOME/openrc or /root/openrc, or are you otherwise
defining OS_* environment variables in the environment before
running puppet?
[root@svl-ost-mgmt-centos-001 ~]# sestatus
SELinux status: disabled
... and I have flushed my iptables ...
[root@svl-ost-mgmt-centos-001 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Yet when I run "puppet agent -t" I get these errors:
[root@ost-mgmt-centos-001 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: NetworkManager is not running.
Info: Caching catalog for ost-mgmt-centos-001.example.com
<http://ost-mgmt-centos-001.example.com>
*Warning: The tenant parameter is deprecated and will be removed
in the future. Please use keystone_user_role to assign a user to
a project.*
*Warning: The ignore_default_tenant parameter is deprecated and
will be removed in the future.*
Info: Applying configuration version '1451940682'
*Error: /Stage[main]/Keystone::Roles::Admin/Keystone_user[admin]:
Could not evaluate: Execution of '/usr/bin/openstack token issue
--format value' returned 1: ERROR: openstack The resource could
not be found. (HTTP 404) (Request-ID:
req-ca2a6dd1-fdb6-48f4-94fe-8f736fcc01dd)*
*This usually indicates that it is trying to ensure that the user
"admin" exists but the password is incorrect. That is, the class {
'::keystone::roles::admin': password =>
$keystone_admin_password is not correct.
If you are sure it is correct, then it could be a mismatch between the
identity api version used by the puppet module and the one specified in
the environment. Check the keystone access logs to see what URL this is
trying to access - something with /token or /tokens, or something with
/auth/token or /auth/tokens
*
Notice:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
Dependency Keystone_user[admin] has failures: true
*Warning:
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[admin@openstack]:
Skipping because of failed dependencies*
Notice: Finished catalog run in 12.38 seconds
Here's code I am using on my puppet master ...
classwrapcontroller(
... big list of parameters I am not using until I can get
keystone going ...
) {
exec{ '/bin/yum -y install
http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm':
unless=> '/bin/rpm -q epel-release', }
exec{ '/bin/yum -y install
http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm':
unless=> '/bin/rpm -q rdo-release', }
package { 'mariadb': ensure => present, }
exec{ 'keystone_database_init':
command=> '/usr/bin/keystone-manage db_sync',
onlyif => [
"/usr/bin/mysql
-u$keystone_db_user-p$keystone_db_pass-h$db_host-P$db_port$keystone_db_name-e
'show tables'",
"/usr/bin/test -z \"`/usr/bin/mysql -u$keystone_db_user
-p$keystone_db_pass -h$db_host -P$db_port $keystone_db_name -e
'show tables'`\""
],
require => Package['mariadb'],
}
class{'::keystone':
admin_token => $keystone_auth_token,
database_connection =>
"mysql://${keystone_db_user}:${keystone_db_pass}@${db_host}:${db_port}/${keystone_db_name}",
debug => $debug,
enabled => true,
enable_ssl => false,
service_name => 'httpd',# this is a kilo thing
verbose => $debug,
}
include ::apache
class{ '::keystone::wsgi::apache': ssl=> false, }
class{ '::keystone::roles::admin':
email => $keystone_admin_email,
password => $keystone_admin_password,
}
class{ '::keystone::endpoint':
public_url => "http://127.0.0.1:5000";,
admin_url => "http://127.0.0.1:35357";,
default_domain=> 'admin',
}
}
Thanks! And Happy New Year to you :)
Red
On Tue, Nov 24, 2015 at 2:38 PM, Emilien Macchi
<emil...@redhat.com <mailto:emil...@redhat.com>> wrote:
On 11/24/2015 11:21 PM, Russell Cecala wrote:
> I am trying to use the OpenStack community puppet modules.
Here's the
> keystone module I am using:
https://github.com/openstack/puppet-keystone
> I am using the stable juno branch. I have in my puppet
manifest for my
> controller nodes this resource definition:
>
> class { '::keystone::roles::admin':
> admin => $keystone_admin_user,
> email => $keystone_admin_email,
> password => $keystone_admin_password,
> } ->
>
> And when puppet runs that code I get this error:
>
> Error:
>
/Stage[main]/Keystone::Roles::Admin/Keystone_user_role[keystone_admin_user@openstack]:
> Could not evaluate: Execution of '/usr/bin/openstack domain
show
> --format shell' returned 2: usage: openstack domain show
[-h] [-f
> {shell,table,value}] [-c COLUMN]
> [--max-width <integer>] [--prefix PREFIX]
> <domain>
> openstack domain show: error: too few arguments
Sounds like an issue with your version of openstackclient,
can you
provide it?
>
> Can anyone help me? Are these Puppet modules still being
supported?
Yes :-)
> Does anyone use them? Thanks!
Double yes.
--
Emilien Macchi
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
