openstack catalog list is not working because running source openrc does not get the credentials
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Bundles |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
The current charm version of openstack-base have a problem trying to get the credentials from keystone issuing the command source openrc.
Line 9 of the file openrc is supposed to copy the ca.crt generated with vault to /tmp/root-ca.crt
# juju run $_juju_model_arg --unit vault/leader 'leader-get root-ca' > /tmp/root-ca.crt 2>/dev/null
Instead, /tmp/root-ca.crt is generated as empty which tries to get the credentials out of keystone using http. This new charm use vault which seems to enable https by default while talking to keysstone.
I also noticed that vault doesn't generate the ca.crt with this new charm and it needs to be generated manually with the following command after unsealing vault:
juju run-action --wait vault/leader generate-root-ca
To go around this, I commented line 9 on the openrc file, printed only the certificate authority or:
juju run --unit vault/leader 'leader-get root-ca'
And copied it to /tmp/root-ca.crt
Having Line 9 commented (to make sure that it doesn't delete the content of root-ca.crt), source openrc works and users can continue going through the charm's readme by looking that the following command:
openstack catalog list
Print the list of services
| tags: | added: focal ussuri |
| Alireza Nasri (sysnasri) wrote | #1 |
| Changed in openstack-bundles: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Siddhit Renake (siddhit) wrote | #2 |
I have the exact problem but when I run juju run --unit vault/leader 'leader-get root-ca'
it does not show any output.