Output from credential-get missing project-name

Bug #1911816 reported by Garrett Neugent
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Openstack Integrator Charm

Bug Description

When first deploying on openstack, I followed this page [1] and ran the following command:

juju deploy charmed-kubernetes --overlay ~/openstack-overlay.yaml --trust


The yaml file was curl'd (and not modified) from the link provided on [1]. After some time, I noticed that the openstack-integrator unit was blocked (from juju status):

openstack-integrator/0* blocked idle 10 REDACTED missing required credential: project_name

After viewing the current credentials:

$ juju run -u openstack-integrator/0 'credential-get'
type: openstack
name: serverstack
region: serverstack
endpoint: http://REDACTED:5000/v3
identityendpoint: ""
storageendpoint: ""
  authtype: userpass
    password: REDACTED
    project-domain-name: user
    user-domain-name: user
    username: REDACTED
    version: "3"
  redacted: []
cacertificates: []
skiptlsverify: false

I noticed that `auth_url` and `project_name` were not present. To fix it, I added the minimum requirements to to a file with:

$ cat credentials
$ juju config openstack-integrator credentials="$(base64 ~/credentials)"

After this, the unit picked up the credentials and continued deployment successfully.

[1] https://ubuntu.com/kubernetes/docs/install-manual

Revision history for this message
George Kraft (cynerva) wrote :

It looks like it's the project-name, specifically, that's missing from your credential-get output. The charm checks for either project-name or tenant-name[1] but neither is present.

The missing auth-url should be fine. The charm also checks for endpoint[2] and should use that if present.

[1]: https://github.com/juju-solutions/charm-openstack-integrator/blob/106fe0fa69bc75467e5c86f875c6568c7bac96cb/lib/charms/layer/openstack.py#L245
[2]: https://github.com/juju-solutions/charm-openstack-integrator/blob/106fe0fa69bc75467e5c86f875c6568c7bac96cb/lib/charms/layer/openstack.py#L201

Revision history for this message
Cory Johns (johnsca) wrote :

For reference, `auth_url` comes from the `endpoint` field when using `juju trust`. Because of the variety of sources and formats that the auth info can come from, and the need to standardize it when it's sent over the relation to CK, there's a _normalize_creds function [1] that standardizes the credentials structure, and then get_credentials combines [2] the values from the different sources in a particular order (individual config fields override the combined credentials config field which overrides `juju trust`).

[1]: https://github.com/juju-solutions/charm-openstack-integrator/blob/master/lib/charms/layer/openstack.py#L199-L248

[2]: https://github.com/juju-solutions/charm-openstack-integrator/blob/master/lib/charms/layer/openstack.py#L63-L106

Revision history for this message
Cory Johns (johnsca) wrote :

From discussion on Mattermost, it seems that the project-name is in the Juju client's local credentials.yaml file, so I'm not sure how it is not getting passed through, but it's definitely a required field.

summary: - required credentials were not imported at inital deployment
+ Output from credential-get missing project-name
Changed in charm-openstack-integrator:
status: New → Invalid
Revision history for this message
Garrett Neugent (thogarre) wrote :

here's my (redacted) credentials file and current juju version:

ubuntu@thogarre-bastion-2:$ cat ~/.local/share/juju/credentials.yaml
      auth-type: userpass
      password: REDACTED
      project-domain-name: user
      project-name: thogarre
      user-domain-name: user
      username: thogarre
      version: "3"
ubuntu@thogarre-bastion-2:~/.kube$ juju --version

John A Meinel (jameinel)
Changed in juju:
status: New → Triaged
importance: Undecided → High
tags: added: credentials openstack-provider
Revision history for this message
Amanda Hager Lopes de Andrade Katz (amandahla) wrote :

Thanks for sharing the solution. The same thing happened to me.

juju --version

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.