In order to troubleshoot why the charm was not discovering Octavia, I added some print() to the charm:
diff --git a/lib/charms/layer/openstack.py b/lib/charms/layer/openstack.py
index 4752426..e0a267c 100644
--- a/lib/charms/layer/openstack.py
+++ b/lib/charms/layer/openstack.py
@@ -67,6 +67,7 @@ def get_credentials():
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
_creds_data = yaml.safe_load(result.stdout.decode('utf8'))
+ print(_creds_data)
_merge_if_set(creds_data, _normalize_creds(_creds_data))
except FileNotFoundError:
pass # juju trust not available
@@ -92,6 +93,7 @@ def get_credentials():
status.blocked(str(e))
return False
+ print(creds_data)
if all(creds_data[k] for k in required_fields):
_save_creds(creds_data)
return True
We can then see in the debug-log that the charm is stripping all new lines and spaces:
unit-openstack-integrator-0: 08:09:59 DEBUG unit.openstack-integrator/0.upgrade-charm {'type': 'openstack', 'name': 'openstack_cloud', 'region': 'Area51', 'endpoint': 'https
://keystone.customer:5000/v3', 'identityendpoint': '', 'storageendpoint': '', 'credential': {'authtype': 'userpass', 'attributes': {'domain-name': '
', 'password': 'Meh', 'project-domain-name': 'admin_domain', 'tenant-name': 'admin', 'user-domain-name': 'admin_domain', 'username': 'admin'}, 'redacted': []},
'cacertificates': ['-----BEGIN CERTIFICATE-----\nMIIDITCCAgmgAwIBAgIUeQxHSsZt6auk1oW+SRFXC4T6nNcwDQYJKoZIhvcNAQEL\nBQAwIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElubWFyc2F0MB4XDTE5MT
EwNDE1\nMTQzOFoXDTI5MTEwMTE1MTQzOFowIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElu\nbWFyc2F0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09qCmv8jF+N1\ndl/ae3VQV95FG7WFrjS6fbZ1TpXkO9VsP
KhA9lRUBxs58noKIkMIUeXYy4wvSu28\nX67NqB2bv3iyns/mEzPYE1GxtFXIPhkKO22vqVLZ0CFAuV47AhqDOXtyqwwfxoBT\nKxMi430UCb+3cPaev/mZMlvf6iJfdihyPfMEwtIanS/QKgEvykhP1kAZ36ActFmK\nWnJtjBBF
UKQIBQzguMTqUXX7wvwRegK8lgXiZ6iZiOza0C7hSdBVylcKeaqoLnP5\nW93m3YZTXc08A30PieTJQFD6Bm+41Kv2FxQAXjRnCzvIJL44zJXjLmnUdZbSzdl8\nPpu3wJu9cQIDAQABo1MwUTAdBgNVHQ4EFgQUwQsYIyqud2WQk
AlcDwIuu7nAvnYw\nHwYDVR0jBBgwFoAUwQsYIyqud2WQkAlcDwIuu7nAvnYwDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAQEAn5oQYeyaxcqOjzUxbkEy4pOJMg/nTKkt+8yh\nFSqUv1Vc3HGg65uGq08eJDq9
AP7PrfvSQJWQpFBS80bNN8idCmhMutpA8X6+Z0wv\n0p5dzQFAUdSLLN0so4iXKtPk5wp0r84W0xbqWPRWRSw+lCe1WrMK+ARDpPv+AxOW\nf7JFQkqzEsWu6RCjy0KobOy7PPq17wXEhXynNcMAXjQe9DkTBb34K6PYku1Ftxfr\
n3IRWaSrDB9BJTje6/tmz7IcO8ss+Y3gUZeaqTLdZz8RJUlJqNqfdTQif2hKLYjro\nBwZYRQo8TkDmSlz00LwQSo1xLX27nGHB621pgNCZbJMKvZOrQg==\n-----END CERTIFICATE-----\n']}
unit-openstack-integrator-0: 08:09:59 DEBUG unit.openstack-integrator/0.upgrade-charm {'auth_url': 'https://keystone.customer:5000/v3', 'region': 'A
rea51', 'username': 'admin', 'password': 'Meh', 'user_domain_name': 'admin_domain', 'project_domain_name': 'admin_domain', 'project_name': 'admin', 'endpoint_tl
s_ca': 'BEGINCERTIFICATEMIIDITCCAgmgAwIBAgIUeQxHSsZt6auk1oW+SRFXC4T6nNcwDQYJKoZIhvcNAQELBQAwIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElubWFyc2F0MB4XDTE5MTEwNDE1MTQzOFoXDTI5MTEwMTE1M
TQzOFowIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElubWFyc2F0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09qCmv8jF+N1dl/ae3VQV95FG7WFrjS6fbZ1TpXkO9VsPKhA9lRUBxs58noKIkMIUeXYy4wvSu28X6
7NqB2bv3iyns/mEzPYE1GxtFXIPhkKO22vqVLZ0CFAuV47AhqDOXtyqwwfxoBTKxMi430UCb+3cPaev/mZMlvf6iJfdihyPfMEwtIanS/QKgEvykhP1kAZ36ActFmKWnJtjBBFUKQIBQzguMTqUXX7wvwRegK8lgXiZ6iZiOza0C7
hSdBVylcKeaqoLnP5W93m3YZTXc08A30PieTJQFD6Bm+41Kv2FxQAXjRnCzvIJL44zJXjLmnUdZbSzdl8Ppu3wJu9cQIDAQABo1MwUTAdBgNVHQ4EFgQUwQsYIyqud2WQkAlcDwIuu7nAvnYwHwYDVR0jBBgwFoAUwQsYIyqud2WQ
kAlcDwIuu7nAvnYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAn5oQYeyaxcqOjzUxbkEy4pOJMg/nTKkt+8yhFSqUv1Vc3HGg65uGq08eJDq9AP7PrfvSQJWQpFBS80bNN8idCmhMutpA8X6+Z0wv0p5dzQFAU
dSLLN0so4iXKtPk5wp0r84W0xbqWPRWRSw+lCe1WrMK+ARDpPv+AxOWf7JFQkqzEsWu6RCjy0KobOy7PPq17wXEhXynNcMAXjQe9DkTBb34K6PYku1Ftxfr3IRWaSrDB9BJTje6/tmz7IcO8ss+Y3gUZeaqTLdZz8RJUlJqNqfdTQ
if2hKLYjroBwZYRQo8TkDmSlz00LwQSo1xLX27nGHB621pgNCZbJMKvZOrQg==', 'version': '3'}
We can see, in the unit that this malformed certificate is written to disk:
ubuntu@juju-2f1f32-kubernetes-15:~$ cat /etc/openstack-integrator/ca.crt
BEGINCERTIFICATEMIIDITCCAgmgAwIBAgIUeQxHSsZt6auk1oW+SRFXC4T6nNcwDQYJKoZIhvcNAQELBQAwIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElubWFyc2F0MB4XDTE5MTEwNDE1MTQzOFoXDTI5MTEwMTE1MTQzOFowIDELMAkGA1UEBhMCVUsxETAPBgNVBAoMCElubWFyc2F0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09qCmv8jF+N1dl/ae3VQV95FG7WFrjS6fbZ1TpXkO9VsPKhA9lRUBxs58noKIkMIUeXYy4wvSu28X67NqB2bv3iyns/mEzPYE1GxtFXIPhkKO22vqVLZ0CFAuV47AhqDOXtyqwwfxoBTKxMi430UCb+3cPaev/mZMlvf6iJfdihyPfMEwtIanS/QKgEvykhP1kAZ36ActFmKWnJtjBBFUKQIBQzguMTqUXX7wvwRegK8lgXiZ6iZiOza0C7hSdBVylcKeaqoLnP5W93m3YZTXc08A30PieTJQFD6Bm+41Kv2FxQAXjRnCzvIJL44zJXjLmnUdZbSzdl8Ppu3wJu9cQIDAQABo1MwUTAdBgNVHQ4EFgQUwQsYIyqud2WQkAlcDwIuu7nAvnYwHwYDVR0jBBgwFoAUwQsYIyqud2WQkAlcDwIuu7nAvnYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAn5oQYeyaxcqOjzUxbkEy4pOJMg/nTKkt+8yhFSqUv1Vc3HGg65uGq08eJDq9AP7PrfvSQJWQpFBS80bNN8idCmhMutpA8X6+Z0wv0p5dzQFAUdSLLN0so4iXKtPk5wp0r84W0xbqWPRWRSw+lCe1WrMK+ARDpPv+AxOWf7JFQkqzEsWu6RCjy0KobOy7PPq17wXEhXynNcMAXjQe9DkTBb34K6PYku1Ftxfr3IRWaSrDB9BJTje6/tmz7IcO8ss+Y3gUZeaqTLdZz8RJUlJqNqfdTQif2hKLYjroBwZYRQo8TkDmSlz00LwQSo1xLX27nGHB621pgNCZbJMKvZOrQg==
We can also see, in the openstack-cloud-controller-manager logs that the certificate is not OK:
kubectl logs openstack-cloud-controller-manager-bbtsb -n kube-system
...
F1118 08:14:50.385121 1 controllermanager.go:121] Cloud provider could not be initialized: could not init cloud provider "openstack": error reading /etc/config/endpoint-ca.cert: data does not contain any valid RSA or ECDSA certificates
The issue seems to be that without checking if the certificate that we receive is really base64 encoded, we try to decode it: https:/ /github. com/juju- solutions/ charm-openstack -integrator/ blob/master/ lib/charms/ layer/openstack .py#L208- L211
Trying that in a python interpreter: /pastebin. ubuntu. com/p/gkv3ZYVSG 5/
https:/
We can see that we lost all spaces and new lines and that the last output is not even a base64 encoded file...