v3 domains not properly addressed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet-keystone |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hi,
when trying to deploy keystone (from examples/
class { '::keystone:
email => '<email address hidden>',
password => 'a_big_secret',
admin => 'admin', # username
admin_tenant => 'admin', # project name
admin_user_domain => 'admin', # domain for user
admin_
}
following problems are seen:
'admin_
Error: Invalid parameter: 'admin_
But when changing to correct 'admin_
Debug: Executing: '/bin/openstack project show --format shell admin --domain Default'
Error: /Stage[
From openstack cli commands called it looks that @admin_user_domain or @admin_
Debug: Executing: '/bin/openstack domain list --quiet --format csv'
Debug: Executing: '/bin/openstack domain create --format shell admin --enable'
Debug: Prefetching openstack resources for keystone_tenant
Debug: Executing: '/bin/openstack project list --quiet --format csv --long'
Debug: Executing: '/bin/openstack project create --format shell services --enable --description Tenant for the openstack services --domain Default'
Debug: Executing: '/bin/openstack project create --format shell admin --enable --description admin tenant --domain admin'
Debug: Prefetching openstack resources for keystone_role
Debug: Executing: '/bin/openstack role list --quiet --format csv'
Debug: Executing: '/bin/openstack role create --format shell admin'
Debug: Prefetching openstack resources for keystone_user
Debug: Executing: '/bin/openstack user list --quiet --format csv --long'
Debug: Executing: '/bin/openstack user create --format shell admin --enable --password a_big_secret --email <email address hidden> --domain admin'
Debug: Executing: '/bin/openstack project show --format shell admin --domain Default'
Error: /Stage[
If I am using "Default" domains, it works just fine ....
Eventually deployment will fail anyway, as visible from second run log:
During endpoint creation service list is called with --long argument, which is not supported in V3 openstack api.
Error: Failed to apply catalog: Execution of '/bin/openstack service list --quiet --format csv --long' returned 2: usage: openstack service list [-h] [-f {csv,table}] [-c COLUMN]
openstack service list: error: unrecognized arguments: --long
description: | updated |
Changed in puppet-keystone: | |
status: | New → Invalid |
While it is not a fix for the underlying problem with the invocation of keystone_user_role in keystone: :role:: admin, you can work around it like so:
class { '::keystone: :roles: :admin' : user_domain => 'admin', # domain for user project_ domain => 'admin', # domain for project project_ domain => 'Default', user_role => false,
email => '<email address hidden>',
password => 'a_big_secret',
admin => 'admin', # username
admin_tenant => 'openstack', # project name
admin_
admin_
service_
configure_
}
keystone_user_role { "admin: :admin@ openstack: :admin" :
ensure => present,
roles => ['admin'],
}