2016-08-17 15:21:57 |
Franciraldo Cavalcante |
bug |
|
|
added bug |
2016-08-17 15:25:25 |
Franciraldo Cavalcante |
description |
We're trying to create a new domain, for heat for our OpenStack deployment. Currently only using default/Default (id/name).
I've made the addition to create the domain and its manager user, through puppet. I could test the new functionality through a puppet agent update. When I build my Keystone node from scratch, though, puppet-keystone seems to change the default id to the heat domain:
[-- message on keystone creation --]
==> dev01-keystone-001: Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain set is deprecated in Liberty cycle. It will be dropped in the M-cycle. Currently using 'Default' as default domain name while the default domain id is 'e3f9107d5bea4feaac91e486a5db64b5'.
[-- two domains created --]
[DEV] root@dev01-build-001:/etc/puppet# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e3f9107d5bea4feaac91e486a5db64b5 | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[-- Authentication Error --]
Even if I set the identity/default_domain_id to default, the mistake persists.
Please let me know if there's a way around this problem. |
We're trying to create a new domain, for heat for our OpenStack deployment. Currently only using default/Default (id/name).
I've made the addition to create the domain and its manager user, through puppet. I could test the new functionality through a puppet agent update. When I build my Keystone node from scratch, though, puppet-keystone seems to change the default id to the heat domain:
[-- message on keystone creation --]
==> dev01-keystone-001: Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain set is deprecated in Liberty cycle. It will be dropped in the M-cycle. Currently using 'Default' as default domain name while the default domain id is 'e3f9107d5bea4feaac91e486a5db64b5'.
[-- two domains created --]
[DEV] root@dev01-build-001:/etc/puppet# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e3f9107d5bea4feaac91e486a5db64b5 | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[-- Authentication Error --]
[DEV] root@dev01-build-001:~/heat-test# openstack stack create -f yaml -t short.yaml short --wait
2016-08-16 22:38:01 [short]: CREATE_FAILED Authorization failed.
Stack short CREATE_FAILED
Even if I set the identity/default_domain_id to default, the mistake persists.
Please let me know if there's a way around this problem. |
|
2016-08-17 15:28:11 |
Franciraldo Cavalcante |
description |
We're trying to create a new domain, for Heat, for our OpenStack deployment. Currently only using default/Default (id/name).
I've made the addition to create the domain and its manager user, through puppet. I could test the new functionality through a puppet agent update. When I build my Keystone node from scratch, though, puppet-keystone seems to change the default id to the heat domain:
[-- message on keystone creation --]
==> dev01-keystone-001: Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain set is deprecated in Liberty cycle. It will be dropped in the M-cycle. Currently using 'Default' as default domain name while the default domain id is 'e3f9107d5bea4feaac91e486a5db64b5'.
[-- two domains created --]
[DEV] root@dev01-build-001:/etc/puppet# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e3f9107d5bea4feaac91e486a5db64b5 | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[-- Authentication Error --]
[DEV] root@dev01-build-001:~/heat-test# openstack stack create -f yaml -t short.yaml short --wait
2016-08-16 22:38:01 [short]: CREATE_FAILED Authorization failed.
Stack short CREATE_FAILED
Even if I set the identity/default_domain_id to default, the mistake persists.
Please let me know if there's a way around this problem. |
|
2016-08-17 20:35:38 |
Franciraldo Cavalcante |
description |
We're trying to create a new domain, for Heat, for our OpenStack deployment. Currently only using default/Default (id/name).
I've made the addition to create the domain and its manager user, through puppet. I could test the new functionality through a puppet agent update. When I build my Keystone node from scratch, though, puppet-keystone seems to change the default id to the heat domain:
[-- message on keystone creation --]
==> dev01-keystone-001: Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain set is deprecated in Liberty cycle. It will be dropped in the M-cycle. Currently using 'Default' as default domain name while the default domain id is 'e3f9107d5bea4feaac91e486a5db64b5'.
[-- two domains created --]
[DEV] root@dev01-build-001:/etc/puppet# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e3f9107d5bea4feaac91e486a5db64b5 | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[-- Authentication Error --]
[DEV] root@dev01-build-001:~/heat-test# openstack stack create -f yaml -t short.yaml short --wait
2016-08-16 22:38:01 [short]: CREATE_FAILED Authorization failed.
Stack short CREATE_FAILED
Even if I set the identity/default_domain_id to default, the mistake persists.
Please let me know if there's a way around this problem.
[-- manifests/profile/keystone.pp --]
...
  $heat_api_cfn_enabled = hiera('heat_api_cfn_enabled', false),
  $heat_domain_enabled = hiera('heat_domain_enabled', false),
  $heat_domain_name = 'heat',
  $heat_domain_admin = 'heat_admin',
  $heat_domain_admin_email = 'heat_admin@localhost',
  $heat_domain_password = hiera('heat_domain_password', undef),
...
  if $heat_domain_enabled {
    include ::heat::deps
    include ::heat::params
    ensure_resource('keystone_domain', $heat_domain_name, {
      'ensure' => 'present',
      'enabled' => true,
    })
    ensure_resource('keystone_user', "${heat_domain_admin}::${heat_domain_name}", {
      'ensure' => 'present',
      'enabled' => true,
      'email' => $heat_domain_admin_email,
      'password' => $heat_domain_password,
    })
    ensure_resource('keystone_user_role', "${heat_domain_admin}::${heat_domain_name}@::${heat_domain_name}", {
      'roles' => ['admin'],
    })
  } |
|
2016-08-17 20:47:28 |
Emilien Macchi |
puppet-keystone: status |
New |
Incomplete |
|
2016-08-17 20:52:02 |
Matt Fischer |
summary |
Need to create heat domain without changing the default_domain_id |
creating a keystone_domain can make it the default even though is_default is false |
|
2016-08-17 20:58:24 |
Matt Fischer |
description |
We're trying to create a new domain, for Heat, for our OpenStack deployment. In this catalog we are not defining the default_domain variable in keystone's init.pp. That seems to be relevant but is perhaps not.
Here is our manifest:
...
  $heat_api_cfn_enabled = hiera('heat_api_cfn_enabled', false),
  $heat_domain_enabled = hiera('heat_domain_enabled', false),
  $heat_domain_name = 'heat',
  $heat_domain_admin = 'heat_admin',
  $heat_domain_admin_email = 'heat_admin@localhost',
  $heat_domain_password = hiera('heat_domain_password', undef),
...
  ensure_resource('keystone_domain', $heat_domain_name, {
    'ensure' => 'present',
    'enabled' => true,
  })
  ensure_resource('keystone_user', "${heat_domain_admin}::${heat_domain_name}", {
    'ensure' => 'present',
    'enabled' => true,
    'email' => $heat_domain_admin_email,
    'password' => $heat_domain_password,
  })
  ensure_resource('keystone_user_role', "${heat_domain_admin}::${heat_domain_name}@::${heat_domain_name}", {
    'roles' => ['admin'],
  })
Here is the output; note the warning on the last line and what puppet thinks the default_domain_id is:
DEBUG[default_domain_id/in]:
DEBUG[default_domain_from_ini_file]: default
DEBUG[default_domain_id/out]: default
Debug: Executing '/usr/bin/openstack project list --quiet --format csv --long'
Debug: Executing '/usr/bin/openstack domain list --quiet --format csv'
Debug: Prefetching openstack resources for keystone_role
Debug: Executing '/usr/bin/openstack role list --quiet --format csv'
Debug: Prefetching openstack resources for keystone_domain
Debug: Executing '/usr/bin/openstack domain list --quiet --format csv'
DEBUG[default_domain_id/in]: default
DEBUG[default_domain_id/out]: default
Debug: Executing '/usr/bin/openstack domain create --format shell heat --enable'
DEBUG[default_domain_id/in]: default
DEBUG[default_domain_id/out]: default
Notice: /Stage[main]/Cirrus::Profile::Keystone/Keystone_domain[heat]/ensure: created
Debug: /Stage[main]/Cirrus::Profile::Keystone/Keystone_domain[heat]: The container Class[Cirrus::Profile::Keystone] will propagate my refresh event
Debug: Prefetching openstack resources for keystone_user
DEBUG[default_domain_id/in]: 637c781d30714a2aa5eefbf437ce738e
DEBUG[default_domain_id/out]: 637c781d30714a2aa5eefbf437ce738e
DEBUG[./lib/puppet/provider/keystone_user/openstack.rb]
DEBUG[default_domain_id/in]: 637c781d30714a2aa5eefbf437ce738e
DEBUG[default_domain_id/out]: 637c781d30714a2aa5eefbf437ce738e
Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a resource without the domain set is deprecated in Liberty cycle. It will be dropped in the M-cycle. Currently using 'Default' as default domain name while the default domain id is '637c781d30714a2aa5eefbf437ce738e'. |
|
2016-08-17 21:02:47 |
Emilien Macchi |
puppet-keystone: status |
Incomplete |
New |
|
2016-08-17 21:02:51 |
Emilien Macchi |
puppet-keystone: status |
New |
Triaged |
|
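An added check, not part of the original report or of puppet-keystone: it cross-checks the three views of the default domain that the report quotes (the `[identity] default_domain_id` setting, the domain list, and the provider warning) and reports where they disagree. The function name `check_default_domain` and the sample inputs are assumptions, constructed from the output quoted above; the CSV quoting of the domain list is assumed.

```python
import configparser
import csv
import io
import re

# Constructed sample inputs, modelled on the output quoted in the report.
KEYSTONE_CONF = "[identity]\ndefault_domain_id = default\n"
DOMAIN_CSV = (
    '"ID","Name","Enabled","Description"\n'
    '"default","Default",True,"The default domain"\n'
    '"e3f9107d5bea4feaac91e486a5db64b5","heat",True,""\n'
)
PUPPET_LOG = (
    "Warning: Puppet::Type::Keystone_user::ProviderOpenstack: Support for a "
    "resource without the domain set is deprecated in Liberty cycle. It will be "
    "dropped in the M-cycle. Currently using 'Default' as default domain name "
    "while the default domain id is 'e3f9107d5bea4feaac91e486a5db64b5'.\n"
)

# Pulls the (name, id) pair the provider says it is using as the default domain.
WARNING_RE = re.compile(
    r"Currently using '([^']+)' as default domain name "
    r"while the default domain id is '([^']+)'"
)

def check_default_domain(conf_text, domain_csv, puppet_log):
    """Return a list of findings; an empty list means all three views agree."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    # Keystone falls back to 'default' when the option is unset.
    configured = conf.get("identity", "default_domain_id", fallback="default")
    by_id = {row["ID"]: row["Name"] for row in csv.DictReader(io.StringIO(domain_csv))}
    findings = []
    if configured not in by_id:
        findings.append(f"keystone.conf default_domain_id {configured!r} is not an existing domain")
    for name, dom_id in WARNING_RE.findall(puppet_log):
        if dom_id != configured:
            findings.append(f"provider used default domain id {dom_id!r}, keystone.conf says {configured!r}")
        actual = by_id.get(dom_id)
        if actual is None:
            findings.append(f"provider default domain id {dom_id!r} is not in the domain list")
        elif actual != name:
            findings.append(f"id {dom_id!r} belongs to domain {actual!r}, not {name!r}")
    return findings

if __name__ == "__main__":
    for finding in check_default_domain(KEYSTONE_CONF, DOMAIN_CSV, PUPPET_LOG):
        print("MISMATCH:", finding)
```

On the sample inputs it reports two mismatches: the provider's default domain id differs from the configured one, and that id belongs to the `heat` domain rather than `Default`.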