juju 2.3.7 (via snap)
When attempting to add an OpenStack cloud (in this case Pike), running juju autoload-credentials after adding the cloud causes an incomplete set of credentials.
The cloud cust-dev was added using juju add-cloud and going through the "wizard"; it generated the following ~/.local/share/juju/clouds.yaml:
clouds:
  cust-dev:
    type: openstack
    auth-types: [userpass]
    endpoint: https://Ostk-keystone.hq.cust.com:5000/v3
    regions:
      cust-region:
        endpoint: https://Ostk-keystone.hq.cust.com:5000/v3
Running juju autoload-credentials generates the following ~/.local/share/juju/credentials.yaml:
credentials:
  cust-dev:
    default-region: cust-region
    my-user:
      auth-type: userpass
      domain-name: ""
      password: my-pass
      project-domain-name: ""
      tenant-name: Cust-Dev
      user-domain-name: custhq
      username: my-user
This is an incomplete file. When attempting to juju bootstrap, the following error occurs:
DEBUG juju.provider.openstack provider.go:804 authentication failed: authentication failed
caused by: requesting token: Unauthorised URL https://Ostk-keystone.hq.cust.com:5000/v3/auth/tokens
caused by: request (https://Ostk-keystone.hq.cust.com:5000/v3/auth/tokens) returned unexpected status: 401; error info: Failed: 401 error: The request you have made requires authentication.
ERROR authentication failed.
Please ensure the credentials are correct. A common mistake is
to specify the wrong tenant. Use the OpenStack "project" name
for tenant-name in your model configuration.
12:28:18 DEBUG cmd supercommand.go:459 error stack:
github.com/juju/juju/provider/openstack/provider.go:805: authentication failed.
Please ensure the credentials are correct. A common mistake is
to specify the wrong tenant. Use the OpenStack "project" name
for tenant-name in your model configuration.
github.com/juju/juju/environs/bootstrap/prepare.go:163:
github.com/juju/juju/environs/bootstrap/prepare.go:99:
github.com/juju/juju/cmd/juju/commands/bootstrap.go:480:
Going in and editing ~/.local/share/juju/credentials.yaml and adding "custhq" to the project-domain-name line resolves this issue. In the end the correct credentials file looks like:
credentials:
  cust-dev:
    default-region: cust-region
    my-user:
      auth-type: userpass
      domain-name: ""
      password: my-pass
      project-domain-name: "custhq"
      tenant-name: Cust-Dev
      user-domain-name: custhq
      username: my-user
This is also repeatable from the admin_domain.
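An added example, not part of the original report and not Juju code: a pre-bootstrap check that flags userpass credentials in credentials.yaml which set tenant-name and user-domain-name but leave project-domain-name empty, the state described above. The function names parse_simple_yaml and find_incomplete are hypothetical, the rule is a heuristic drawn from this report only, and the sample input is constructed from the values shown above.

```python
# Added example: lint a Juju credentials.yaml for an empty project domain.
def parse_simple_yaml(text):
    """Parse nested 'key: value' mappings only (enough for credentials.yaml)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs, innermost last
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()
        parent, value = stack[-1][1], value.strip()
        if value:
            parent[key] = value.strip("\"'")  # '""' becomes the empty string
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def find_incomplete(creds):
    """Return (cloud, credential) pairs whose project domain is empty."""
    hits = []
    for cloud, entries in creds.get("credentials", {}).items():
        for name, cred in entries.items():
            if not isinstance(cred, dict) or cred.get("auth-type") != "userpass":
                continue  # skips scalars such as default-region
            if (cred.get("tenant-name") and cred.get("user-domain-name")
                    and not cred.get("project-domain-name")):
                hits.append((cloud, name))
    return hits

# Constructed sample: the file from the report, before the manual fix.
GENERATED = """\
credentials:
  cust-dev:
    default-region: cust-region
    my-user:
      auth-type: userpass
      domain-name: ""
      password: my-pass
      project-domain-name: ""
      tenant-name: Cust-Dev
      user-domain-name: custhq
      username: my-user
"""
FIXED = GENERATED.replace('project-domain-name: ""', 'project-domain-name: "custhq"')
if __name__ == "__main__":
    print(find_incomplete(parse_simple_yaml(GENERATED)))
```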
@Jeff, does your credential file (novarc or openrc) have actual OS_PROJECT_DOMAIN_NAME? Or does it have OS_PROJECT_ID instead?
I saw a bug in the past that juju does not carry OS_PROJECT_ID properly: https://bugs.launchpad.net/juju/+bug/1722551
(the library added OS_PROJECT_ID into the whitelist, but not sure the fix was carried to Juju).