keystone_user questions


Kesten Broughton

Mar 17, 2014, 2:30:36 PM
to ansible...@googlegroups.com
I am able to connect to my openstack private cloud directly using pyrax.
I have ~/.pyrax.cfg and ~/.pyrax.creds to accomplish this.

Now I'm trying to get it working via ansible.  In the docs, it's not clear how the example tenant creation is authenticated.

# Create a tenant 
- keystone_user: tenant=demo tenant_description="Default Tenant" 


From the openstack controller it works

root@node-8:~# keystone --os-token **mytoken** tenant-delete --name lynx-dev3
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 7663d799b78644cc9e15a2c6e4b4160a |
|     name    |            lynx-dev3             |
+-------------+----------------------------------+


But from ansible (using the redhat-openstack-ansible tenant.yml) it fails

   - name: Create Tenant
     keystone_user: token={{ keystone_admin_token }} tenant={{ tenant_name }}
                    description="{{tenant_description}}"
     register: tenant

TASK: [Create Tenant] *********************************************************
fatal: [node-8] => failed to parse: Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", line 1913, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", line 320, in main
    keystone = get_keystone_client(module)
  File "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", line 1558, in get_keystone_client
    keystone = keystoneclient.v2_0.client.Client(**kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 134, in __init__
    self.authenticate()
  File "/usr/lib/python2.7/dist-packages/keystoneclient/client.py", line 205, in authenticate
    token)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line 180, in get_raw_token_from_identity_service
    "%s" % e)
keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: [Errno 111] Connection refused

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/Users/kbroughton/tenant_play.retry

fuel2                      : ok=0    changed=0    unreachable=1    failed=0
node-8                     : ok=2    changed=0    unreachable=1    failed=0


Also, I feel that the docs aren't clear on what login_password refers to if we are creating a tenant.  It seems to pair with login_tenant_name, but is that the new tenant I am creating (doesn't have a password yet) or the default "admin" tenant that controls all tenant projects?

The tenant field comment also doesn't specify which password

"The token to be uses in case the password is not specified" and there are two "password" type fields.


thanks


kesten

 

Kesten Broughton
512 701 4209

Kesten Broughton

Mar 17, 2014, 5:36:21 PM
to ansible...@googlegroups.com
My apologies, I had previously used the tenant.yml playbook without modification.
On my new openstack cloud, I had to change the endpoint from the default
http://127.0.0.1:35357/v2.0/

to the value in my openrc

I also switched from token to login_user and login_password authentication for the admin user of the admin tenant.

I then see the following error:

TASK: [Create Tenant] *********************************************************
failed: [node-8] => {"failed": true, "item": ""}
msg: Current authorization does not have a known management url

FATAL: all hosts have already failed -- aborting


-----------------------------
I then tried using the service endpoint instead of auth_url also defined in openrc

SERVICE_ENDPOINT "http://10.x.y.z:5000/v2.0/"

TASK: [Create Tenant] *********************************************************
failed: [node-8] => {"failed": true, "item": ""}
msg: Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}.

FATAL: all hosts have already failed -- aborting

Switching back to token authorization, but now with either endpoint I see

keystoneclient.exceptions.Unauthorized: Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401)

Any ideas what I'm missing?