Canonical Juju

juju bootstrap returns authentication failed on openstack while py client works fine

Bug #1786909 reported by Pedro Guimarães on 2018-08-14

This bug report is a duplicate of: Bug #1772649: autoload-credentials not importing domain properly. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Incomplete	Undecided	Unassigned

Bug Description

Environment:
Juju version: 2.4.2 (from Snap stable channel)
OpenStack version: bionic-queens

Getting authentication failed during Juju bootstrap over OpenStack. However, python-openstackclient works fine with same set of credentials.

This cloud has a custom CA certificate. The CA was added to: /etc/ssl/certs/ca-certificates.crt

Credentials were set using interactive juju add-credential mode.
Bootstrap returns:
pguimaraes@mymachine:~$ juju bootstrap mycloud
ERROR authentication failed.

Please ensure the credentials are correct. A common mistake is
to specify the wrong tenant. Use the OpenStack "project" name
for tenant-name in your model configuration.

Same bootstrap scenario was tried on Juju version 2.5-beta1 (compiled from GitHub repo)
This newer version allows to define CA certificate path during juju add-cloud process.
Certificate was added and confirmed using juju show-cloud.

Still, juju bootstrap returns:

pguimaraes@mymachine:~$ ./juju bootstrap mycloud
ERROR authentication failed.

Please ensure the credentials are correct. A common mistake is
to specify the wrong tenant. Use the OpenStack "project" name
for tenant-name in your model configuration.

Tags:

Alexander Litvinov (alitvinov) on 2018-08-14

tags:

added: cpe-onsite

Revision history for this message

Richard Harding (rharding) wrote on 2018-08-14:

Can you please attempt the bootstrap with the --debug flag enabled for more output and can you attempt to also use the autoload-credentials with your .novarc sourced and see if the autoload pulls the exact same values as the manual add-credential steps did in case of typo or other mis-format?

Changed in juju:
status:	New → Incomplete

Heather Lanigan (hmlanigan) on 2018-08-14

tags:

added: openstack-provider

Revision history for this message

Pedro Guimarães (pguimaraes) wrote on 2018-08-14:

Following instructions on:
https://bugs.launchpad.net/juju/+bug/1772649

I rolled back my snap package to 2.3/stable (which is version 2.3.8)
Than, executed juju autoload-credential and manually added the following field to ~/.local/share/juju/credentials.yaml:
project-domain-name: "PROJECT DOMAIN NAME"

With this update, Im still getting another error but it seems that keystone authentication is working now. Here is a complete log with --debug flag set:
https://pastebin.canonical.com/p/TbHXHjQn77/

Same fix worked with Juju version 2.4.1.

However, if I define domain-name, I get authentication failed errors, although this domain is defined correctly on OpenStack: https://pastebin.canonical.com/p/kGzQNK69ZM/

So, the right solution was to leave "domain-name" field empty while setting up "user-project-domain-name" and "project-domain-name" accordingly.

On my novarc file, however, I have "OS_PROJECT_ID" and "OS_PROJECT_DOMAIN_ID" defined, which are not accepted fields on credentials.yaml; and neither "OS_DOMAIN_NAME" nor "OS_PROJECT_DOMAIN_NAME" are defined.

Revision history for this message

Richard Harding (rharding) wrote on 2018-08-14:

If this unblocks you please mark this bug a dupe of the https://bugs.launchpad.net/juju/+bug/1772649 and we'll work to get that addressed.

Revision history for this message

Heather Lanigan (hmlanigan) wrote on 2018-08-14:

bootstrap, per https://pastebin.canonical.com/p/TbHXHjQn77/, is failing because images have not been setup for juju to use:

DEBUG juju.cmd.juju.commands bootstrap.go:529 (error details: [{github.com/juju/juju/cmd/juju/commands/bootstrap.go:620: failed to bootstrap model} {github.com/juju/juju/environs/bootstrap/bootstrap.go:241: } {github.com/juju/juju/environs/bootstrap/bootstrap.go:626: no image metadata found}])

Revision history for this message

Heather Lanigan (hmlanigan) wrote on 2018-08-20:

marking as a dup of 1772649

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1772649 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.