After deploying OpenStack using OSA 20.0.0 on Ubuntu 18.04 with
https://review.opendev.org/#/c/700749/
cherry picked. And applied workarounds for:
https://bugs.launchpad.net/openstack-ansible/+bug/1858687
https://bugs.launchpad.net/openstack-ansible/+bug/1858685
During the creation of a cluster the following error is logged:
Jan 07 17:52:00 controller0-magnum-container-7ed1f22f magnum-conductor[2802]: 2020-01-07 17:52:00.572 2802 ERROR magnum.drivers.heat.driver [req-6826c5e4-b705-494d-a510-6c6276888b65 - - - - -] Nodegroup error, stack status: CREATE_FAILED, stack_id: 14b0d77e-3e30-4d05-821e-5694e0661e5d, reason: Resource CREATE failed: AuthorizationFailure: resources.kube_masters.resources[0].resources.kube-master: Authorization failed.
in addition the following warnings are logged, but I have no idea if they relate to the problem:
Jan 07 17:52:00 controller0-magnum-container-7ed1f22f magnum-conductor[2802]: 2020-01-07 17:52:00.527 2802 WARNING magnum.drivers.heat.template_def [req-6826c5e4-b705-494d-a510-6c6276888b65 - - - - -] stack does not have output_key api_address
Jan 07 17:52:00 controller0-magnum-container-7ed1f22f magnum-conductor[2802]: 2020-01-07 17:52:00.528 2802 WARNING magnum.drivers.heat.template_def [req-6826c5e4-b705-494d-a510-6c6276888b65 - - - - -] stack does not have output_key kube_minions
Jan 07 17:52:00 controller0-magnum-container-7ed1f22f magnum-conductor[2802]: 2020-01-07 17:52:00.553 2802 WARNING magnum.drivers.heat.template_def [req-6826c5e4-b705-494d-a510-6c6276888b65 - - - - -] stack does not have output_key api_address
Jan 07 17:52:00 controller0-magnum-container-7ed1f22f magnum-conductor[2802]: 2020-01-07 17:52:00.555 2802 WARNING magnum.drivers.heat.template_def [req-6826c5e4-b705-494d-a510-6c6276888b65 - - - - -] stack does not have output_key kube_minions
I also had the same issue. Had to assign roles manually to different users.
openstack role add --project service --user magnum admin domain_ admin admin
openstack role add --project service --user heat admin
openstack role add --domain heat --user trustee_
openstack role add --domain heat --user heat_domain_admin admin
I gave admin roles to different users to fix this.