feature: Juju should be able to add OpenStack cloud without typing all information already in openrc.sh

Bug #1722580 reported by Nobuto Murata on 2017-10-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
juju
High
Unassigned

Bug Description

> At this moment, Juju can import clouds.yaml and credentials.yaml separately as follows:
>
> $ juju add-cloud <cloud-name> -f clouds.yaml
>
> $ juju add-credential <cloud-name> -f credentials.yaml
>
> Juju should be able to import those 2 info with one command using just one concatenated file or tar ball containing those 2 files. So that OpenStack dashboard can offer a button "Download Juju Environment File" for Juju 2 as previously worked for Juju 1.x environments.yaml.

I originally thought the above was how to solve my issue. However, I realized that we could solve the issue in a more generic way since the above would be only effective to Ubuntu-package based OpenStack dashboard deployment.

As Juju is a universal modeling tool, it should not be tied with an Ubuntu-specific patch. Instead, we could leverage openrc.sh[1] which is offered by the most of OpenStack deployments as the defacto API credential file.

We already uses it in `juju autoload-credentials`, so if we could do a similar thing to `juju add-cloud`(juju autoload-clouds?), that would work for any OpenStack, not only for Ubuntu OpenStack since openrc.sh has all information necessary for `add-cloud` including endpoint and region.

[1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

Ian Booth (wallyworld) wrote :

I think a good approach here is to have the add-cloud command be extended to look for an optional credentials stanza in the clouds.yaml file and import any credentials whose cloud matches the cloud that was added.

Changed in juju:
milestone: none → 2.3.0
importance: Undecided → High
status: New → Triaged
tags: added: papercut usability
Tim Penhey (thumper) on 2017-11-07
Changed in juju:
milestone: 2.3.0 → 2.3-rc1
Changed in juju:
assignee: nobody → Heather Lanigan (hmlanigan)
Nobuto Murata (nobuto) wrote :

> Juju should be able to import those 2 info with one command using just one concatenated file or tar ball containing those 2 files. So that OpenStack dashboard can offer a button "Download Juju Environment File" for Juju 2 as previously worked for Juju 1.x environments.yaml.

I originally thought the above was how to solve my issue. However, I realized that we could solve the issue in a more generic way since the above would be only effective to Ubuntu-package based OpenStack dashboard deployment.

As Juju is a universal modeling tool, it should not be tied with an Ubuntu-specific patch. Instead, we could leverage openrc.sh[1] which is offered by the most of OpenStack deployments as the defacto API credential file.

We already uses it in `juju autoload-credentials`, so if we could do a similar thing to `juju add-cloud`(juju autoload-clouds?), that would work for any OpenStack, not only for Ubuntu OpenStack since openrc.sh has all information necessary for `add-cloud` including endpoint and region.

[1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

summary: - feature: Juju should define and be able to import concatenated format of
- clouds.yaml and credentials.yaml
+ feature: Juju should be able to add OpenStack cloud without typing all
+ information already in openrc.sh
description: updated
Ian Booth (wallyworld) wrote :

We need to consider the best approach here. Moving to 2.3.1 milestone as any fix won't make the 2.3.0 release.

Changed in juju:
milestone: 2.3-rc1 → 2.3.1
assignee: Heather Lanigan (hmlanigan) → nobody
Changed in juju:
milestone: 2.3.1 → none
Tim Penhey (thumper) on 2017-12-10
Changed in juju:
milestone: none → 2.3.2
Andrew Wilkins (axwalk) wrote :

Nobuto, one thing you can already do is:

 - source the rc file
 - juju bootstrap openstack

(i.e. you don't need to have a cloud definition, Juju will use the environment variables if you use "openstack" as the cloud name.)

Does that satisfy your requirements?

John A Meinel (jameinel) on 2018-01-16
Changed in juju:
milestone: 2.3.2 → 2.3.3
Nobuto Murata (nobuto) wrote :
Download full text (4.2 KiB)

@Andrew,

Thanks for the input, I have tried that, but looks like some bits are missing. I can use the same credential to get authenticated, but not with juju bootstrap.

## sourced env

$ env | grep OS_
OS_PROJECT_ID=f2b17b339ce0482c9d01b6250005db53
OS_REGION_NAME=MY_Cloud
OS_USER_DOMAIN_NAME=admin_domain
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=PASSWORD
OS_AUTH_URL=http://172.20.5.49:5000/v3
OS_USERNAME=admin
OS_INTERFACE=public

## verify the credentail

$ openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2018-01-25T15:53:35.000000Z |
| id | efa5f03c94a840629633702f2c426c9c |
| project_id | f2b17b339ce0482c9d01b6250005db53 |
| user_id | fa594f790d6142f38ac854c05251e268 |
+------------+----------------------------------+

## bootstrap

$ juju bootstrap openstack --debug
14:53:46 INFO juju.cmd supercommand.go:56 running juju [2.3.2 gc go1.8]
14:53:46 DEBUG juju.cmd supercommand.go:57 args: []string{"juju", "bootstrap", "openstack", "--debug"}
14:53:46 INFO cmd bootstrap.go:739 cloud "openstack" not found, trying as a provider name
14:53:46 INFO cmd cloudcredential.go:51 no credentials found, checking environment
14:53:46 DEBUG juju.cmd.juju.commands bootstrap.go:829 authenticating with region "MY_Cloud" and credential "admin" ()
14:53:46 DEBUG juju.cmd.juju.commands bootstrap.go:954 provider attrs: map[external-network: use-floating-ip:false use-default-secgroup:false network:]
14:53:46 INFO cmd authkeys.go:114 Adding contents of "/home/ubuntu/.local/share/juju/ssh/juju_id_rsa.pub" to authorized-keys
14:53:46 DEBUG juju.cmd.juju.commands bootstrap.go:1010 preparing controller with config: map[provisioner-harvest-mode:destroyed apt-http-proxy: firewall-mode:instance ssl-hostname-verification:true use-default-secgroup:false agent-stream:released enable-os-upgrade:true network: authorized-keys:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8ZZy6BE44yl3DyXOvmqoY2QYWCYxiVR6bkqK1H9Sf0xMx5P25J2vU7dv4J4yoxh8CYNfTI7SdMSHteAQtIlLOK2DP0kY3ssokFc0drs8L/FwL3tvPXnA3qo/YYNQOSbcRkPL8XBlTH9YEKnfkA+pZyluPcPjVorjDkBSe9/Yx8Zhdbex47vYjKMSQxDpJ0bEKdj8aLq3eX4tPA7GnPH8LZMoiBc4+lLq7Ibrq6ZdKjkMH0V7I49l/2Dj4JYHp1WZ7uNmhQLjHL2KDCJNo+jYg87tnI4qP9wAvx/L0W159l8f/Hfk8sqQ7CUVvylb3sWQdbHJ4YBCVfm/5KNbuiu+T juju-client-key
 resource-tags: max-status-history-age:336h disable-network-management:false image-metadata-url: ftp-proxy: no-proxy:127.0.0.1,localhost,::1 uuid:f160ec8d-a427-4692-82e8-c37272b10b94 type:openstack name:controller max-status-history-size:5G ignore-machine-addresses:false apt-https-proxy: logging-config: use-floating-ip:false logforward-enabled:false apt-mirror: external-network: development:false egress-subnets: http-proxy: update-status-hook-interval:5m proxy-ssh:false enable-os-refresh-update:true https-proxy: max-action-results-age:336h cloudinit-userdata: max-action-results-size:5G net-bond-reconfigure-delay:17 agent-metadata-url: image-stream:released fan-config: apt-no-proxy: automatically-retry-hooks:true apt-ftp-proxy: test-mode:false container-networking-method: default-series:xeni...

Read more...

Nobuto Murata (nobuto) wrote :

Hmm, looks like this one still https://bugs.launchpad.net/juju/+bug/1722551 I'm using 2.3.2-xenial-amd64, but affected.

Changed in juju:
milestone: 2.3.3 → none
Tim Penhey (thumper) on 2018-02-15
Changed in juju:
milestone: none → 2.3.4
Changed in juju:
milestone: 2.3.4 → 2.3.5
Changed in juju:
milestone: 2.3.5 → 2.3.6
Changed in juju:
milestone: 2.3.6 → 2.3.7
Changed in juju:
milestone: 2.3.7 → 2.3.8
Changed in juju:
milestone: 2.3.8 → 2.3.9
Heather Lanigan (hmlanigan) wrote :

This request is partially addressed by https://github.com/juju/juju/pull/9015

OS_AUTH_URL=https://xx.xx.xx.xx:5000/v3
OS_CACERT=/home/user/client.crt

$ juju add-cloud
Cloud Types
  lxd
  maas
  manual
  oci
  openstack
  oracle
  vsphere

Select cloud type: openstack

Enter a name for your openstack cloud: openstack

Enter the API endpoint url for the cloud [https://xx.xx.xx.xx:5000/v3]:

Enter the filename of the CA certificate to access OpenStack cloud (optional) [/home/user/client.crt]:

Changed in juju:
milestone: 2.3.9 → none
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers