Ansible openstack deploy fails with mysql error
1,219 views
Skip to first unread message
Michael Aldridge
Jul 16, 2013, 12:18:34 PM7/16/13
to ansible...@googlegroups.com
I have been trying to install with the scripts from the webinar a few days ago. Consistently the install fails on the following step:
TASK: [create the external network] *******************************************
fatal: [cloud-controller] => failed to parse: /root/.ansible/tmp/ansible-1373991065.17-51641315664934/quantum_network:120: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
module.fail_json(msg = "Error authenticating to the keystone: %s" %e.message)
{"msg": "Error authenticating to the keystone: Authorization Failed: Unable to communicate with identity service: {\"error\": {\"message\": \"An unexpected error prevented the server from fulfilling your request. (OperationalError) (1045, \\\"Access denied for user 'keystone'@'localhost' (using password: NO)\\\") None None\", \"code\": 500, \"title\": \"Internal Server Error\"}}. (HTTP 500)", "failed": true}
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/var/tmp/ansible/site.retry
cloud-compute : ok=15 changed=3 unreachable=0 failed=0
cloud-controller : ok=48 changed=8 unreachable=1 failed=0
I am running as root on centos 6.4 installed on bare metal. Any ideas?
TASK: [create the external network] *******************************************
fatal: [cloud-controller] => failed to parse: /root/.ansible/tmp/ansible-1373991065.17-51641315664934/quantum_network:120: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
module.fail_json(msg = "Error authenticating to the keystone: %s" %e.message)
{"msg": "Error authenticating to the keystone: Authorization Failed: Unable to communicate with identity service: {\"error\": {\"message\": \"An unexpected error prevented the server from fulfilling your request. (OperationalError) (1045, \\\"Access denied for user 'keystone'@'localhost' (using password: NO)\\\") None None\", \"code\": 500, \"title\": \"Internal Server Error\"}}. (HTTP 500)", "failed": true}
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/var/tmp/ansible/site.retry
cloud-compute : ok=15 changed=3 unreachable=0 failed=0
cloud-controller : ok=48 changed=8 unreachable=1 failed=0
I am running as root on centos 6.4 installed on bare metal. Any ideas?
Darragh O'Reilly
Jul 17, 2013, 6:27:32 AM7/17/13
to ansible...@googlegroups.com
can you do this without getting an exception?
[vagrant@controller ~]$ python
Python 2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from keystoneclient.v2_0 import client as ksclient
>>> kc = ksclient.Client(username='admin', password='secret', tenant_name='admin', auth_url='http://127.0.0.1:35357/v2.0/')
>>>
If not, then check /var/log/keystone/keystone.log. Those credientials all the defaults from group_vars/all.
Darragh O'Reilly
Jul 17, 2013, 7:10:39 AM7/17/13
to ansible...@googlegroups.com
sorry, I missed the mysql bit. Check to see if the DB was setup right by running 'mysql' as root:
select user, host from mysql.user;
use keystone;
show tables;
benno joy
Jul 18, 2013, 10:45:52 AM7/18/13
to ansible...@googlegroups.com
Hi Michael,
could you also check if you have the following line in your keystone config.
[signing]token_format = UUIDRegards,Benno
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
kesten broughton
Jul 29, 2013, 5:50:58 PM7/29/13
to ansible...@googlegroups.com
I've hit the same error - same step. I just grabbed the latest 1.3 from git (july 29).
$ cat /etc/keystone/keystone.conf
...
[signing]
token_format = UUID
...
My sql db looks bad though. Duplicates.
mysql> select user, host from mysql.user; use keystone; show tables;
+----------+-----------+
| user | host |
+----------+-----------+
| cinder | % |
| glance | % |
| keystone | % |
| nova | % |
| quantum | % |
| root | 127.0.0.1 |
| | hubertus |
| root | hubertus |
| | localhost |
| cinder | localhost |
| glance | localhost |
| keystone | localhost |
| nova | localhost |
| quantum | localhost |
| root | localhost |
+----------+-----------+
15 rows in set (0.39 sec)
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
+------------------------+
| Tables_in_keystone |
+------------------------+
| credential |
| domain |
| ec2_credential |
| endpoint |
| group |
| group_domain_metadata |
| group_project_metadata |
| migrate_version |
| policy |
| project |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_domain_metadata |
| user_group_membership |
| user_project_metadata |
+------------------------+
19 rows in set (0.03 sec)
mysql>
root:ansible-redhat-openstack$ cat /var/log/keystone/keystone.log
2013-07-29 16:56:41 WARNING [keystone.common.wsgi] Authorization failed. The request you have made requires authentication. from 127.0.0.1
$ cat /etc/keystone/keystone.conf
...
[signing]
token_format = UUID
...
My sql db looks bad though. Duplicates.
mysql> select user, host from mysql.user; use keystone; show tables;
+----------+-----------+
| user | host |
+----------+-----------+
| cinder | % |
| glance | % |
| keystone | % |
| nova | % |
| quantum | % |
| root | 127.0.0.1 |
| | hubertus |
| root | hubertus |
| | localhost |
| cinder | localhost |
| glance | localhost |
| keystone | localhost |
| nova | localhost |
| quantum | localhost |
| root | localhost |
+----------+-----------+
15 rows in set (0.39 sec)
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
+------------------------+
| Tables_in_keystone |
+------------------------+
| credential |
| domain |
| ec2_credential |
| endpoint |
| group |
| group_domain_metadata |
| group_project_metadata |
| migrate_version |
| policy |
| project |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_domain_metadata |
| user_group_membership |
| user_project_metadata |
+------------------------+
19 rows in set (0.03 sec)
mysql>
root:ansible-redhat-openstack$ cat /var/log/keystone/keystone.log
2013-07-29 16:56:41 WARNING [keystone.common.wsgi] Authorization failed. The request you have made requires authentication. from 127.0.0.1
kesten broughton
Jul 29, 2013, 5:54:47 PM7/29/13
to ansible...@googlegroups.com
from keystoneclient.v2_0 import client as ksclient
fails with the same "Error authenticating keystone" for me.>>> kc = ksclient.Client(username='admin', password='secret', tenant_name='admin', auth_url='http://127.0.0.1:35357/v2.0/')
On Tuesday, July 16, 2013 11:18:34 AM UTC-5, Michael Aldridge wrote:
Darragh O'Reilly
Jul 30, 2013, 3:54:59 PM7/30/13
to ansible...@googlegroups.com
Your mysql.user tables looks ok. What does your connection string in /etc/keystone/keystone.conf look like? Here is mine:
[sql]
connection = mysql://keystone:keystone@localhost/keystone
The password was taken from keystone_db_pass in group_vars/all when the template for keystone.conf in keystone.yml was run.
And I can do this ok:
$mysql -u keystone -pkeystone keystone
But without the password I get:
$ mysql -u keystone keystone
ERROR 1045 (28000): Access denied for user 'keystone'@'localhost' (using password: NO)
Which I think is the error you are getting?
kesten broughton
Jul 31, 2013, 5:22:01 PM7/31/13
to ansible...@googlegroups.com
my [sql] connection is the same.
546 root:~$ mysql -u keystone -pkeystone keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 113
Server version: 5.1.69 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye
547 root:~$ mysql -u keystone keystone
ERROR 1045 (28000): Access denied for user 'keystone'@'localhost' (using password: NO)
548 root:~$
<<<<<<<
I should have been more clear - running the ansible openstack playbook was failing for me at exactly the same task
TASK: [create the external network] *******************************************
but with a different error:
<10.0.9.170> ESTABLISH CONNECTION FOR USER: root
<10.0.9.170> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', '10.0.9.170', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1375287449.19-5095015559057 && echo $HOME/.ansible/tmp/ansible-1375287449.19-5095015559057'"]
<10.0.9.170> REMOTE_MODULE quantum_network state=present login_username=admin login_password=secret provider_network_type=local login_tenant_name=admin name=external_network router_external=true
<10.0.9.170> PUT /var/folders/t2/h22337c12hn279xwd4s9fk7s8_088c/T/tmpzgjqhi TO /root/.ansible/tmp/ansible-1375287449.19-5095015559057/quantum_network
<10.0.9.170> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', '10.0.9.170', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-1375287449.19-5095015559057/quantum_network; rm -rf /root/.ansible/tmp/ansible-1375287449.19-5095015559057/ >/dev/null 2>&1'"]
failed: [Linux-OpenStack-Admin] => {"failed": true, "item": ""}
msg: Error in listing quantum networks: [Errno 111] Connection refused
I believe it is a problem with the quantum_network module and i'm trying to set up debugging right now so i can investigate further.
The error above could come from any of the following:
kbroughton:cloud$ grep -RH "Error in listing quantum networks" .
./quantum_floating_ip: module.fail_json("Error in listing quantum networks: %s" % e.message)
./quantum_network: module.fail_json(msg = "Error in listing quantum networks: %s" % e.message)
./quantum_router_gateway: module.fail_json("Error in listing quantum networks: %s" % e.message)
./quantum_subnet: module.fail_json("Error in listing quantum networks: %s" % e.message)
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/dq5Kn047sEY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
Phuc Nguyen
Apr 15, 2015, 9:18:58 AM4/15/15
to ansible...@googlegroups.com
i have prplem, when i login openstck dashboad , i have errror on keystone.log : WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1 .
Vào 04:50:58 UTC+7 Thứ Ba, ngày 30 tháng 7 năm 2013, kesten broughton đã viết:
can you help me fix error.
Vào 04:50:58 UTC+7 Thứ Ba, ngày 30 tháng 7 năm 2013, kesten broughton đã viết:
Reply all
Reply to author
Forward
0 new messages