[SOLVED] Use Juju on top of OpenStack to deploy apps

riccardo-magrini · 17 April 2019 13:56

I’d like to create a new cloud in JUJU for OPENSTACK and use that to deploy the Apps on my Instances. In my lab, MAAS, JUJU and OPENSTACK are correctly installed and the instancse works fine.
I’ve followed this guide but at the end during the bootstrap I receive this error:

ERROR authentication failed.: authentication failed

IP plan:

Network: 10.20.81.0/24
Maas: 10.20.81.1
Juju: 10.20.81.2
Openstack: 10.20.81.21-24
External Gateway: 10.20.81.254
Private Network: 10.1.0.0/24
Instance: 10.1.0.12 - 10.20.81.220 (floating IP)
Private Gateway: 10.1.0.1
Private DHCP service: 10.1.0.10

Network topology:

                          +-------------+
                              Firewall
                            10.20.81.254
                          +-------------+
                                 | 
+-------------------------------------------------------------+
                              Switch 
      vlan81              vlan81                  vlan81
+-------------------------------------------------------------+
        |                   |                   || | | |
+--------------+     +-------------+       +------------------+
|Maas+Juju           |Juju Gui|            |Openstack
|10.20.81.1          |10.20.81.2           |10.20.81.21-24
+--------------+     +-------------+       +------------------+
                                                     |
                                +----------------------------------------+
                                Private Subnet-1           Public Subnet-2
                                 10.1.0.0/24                10.20.81.0/24
                                 +---+----+--+              +---+------+
                                 |   |        +----+            |
                                 |   |     .1 |    |.221        |
                                 |   +--------+ VR +------------+
                                 |            |    |
                                 +--+-+       +----+
                                 |    |
                                 |VM |
                                 |.12 |
                                 |    |
                                 +----+

these commands have being launched on MAAS server, where I’ve installed juju,

   $:juju add-cloud
    Cloud Types
      lxd
      maas
      manual
      openstack
      vsphere

Select cloud type: openstack
    Enter a name for your openstack cloud: openstack-cloud
    Enter the API endpoint url for the cloud []: http://10.20.81.22:5000/v3
    Enter a path to the CA certificate for your cloud if one is required to access it. (optional) [none]: 
    Auth Types
    access-key
    userpass
    Select one or more auth types separated by commas: userpass
    Enter region name: RegionOne
    Enter the API endpoint url for the region [use cloud api url]: 
    Enter another region? (y/N): n
    Cloud "openstack-cloud" successfully added
    You will need to add credentials for this cloud (`juju add-credential openstack-cloud`)
before creating a controller (`juju bootstrap openstack-cloud`).

then

   $:juju add-credential openstack-cloud
    Enter credential name: richardsith
        Using auth-type "userpass".
        Enter username: admin
        Enter password: 
        Enter tenant-name (optional): 
       Enter tenant-id (optional): 
       Enter version (optional): 
       Enter domain-name (optional): 
       Enter project-domain-name (optional): 
       Enter user-domain-name (optional): 
       Credential "admin" added locally for cloud "openstack-cloud".

run the bootstrap

$:juju bootstrap openstack-cloud
ERROR authentication failed.: authentication failed
caused by: requesting token failed
caused by: Resource at http://10.20.81.22:5000/v3/tokens not found
caused by: request (http://10.20.81.22:5000/v3/tokens) returned unexpected status: 404; error info: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>

opening that url on my browser I’ve:

schkovich · 19 April 2019 12:35

Sounds as if you did not set project and user domains. What’s the output of the command juju show-credentials? This command will display locally stored credentials.

The command show-credentials would display something like

controller-credentials:
  ostack:
    osadmin:
      content:
         auth-type: userpass
         project-domain-name: admin_domain
         tenant-name: admin
         user-domain-name: admin_domain
         username: admin
      models:
         controller: admin
         default: admin

riccardo-magrini · 19 April 2019 15:53

I don’t understand if I’ve to install Juju on an instance of Openstack or that I’ve used to deploy Openstack (installed on Maas server), anyway this is the result of my lab (second choice):

$:juju show-credentials
controller-credentials:
  maas-cloud:
    richardsith:
      content:
        auth-type: oauth1
      models:
        controller: admin
        default: admin
        openstack: admin

then

$:juju list-credentials --format yaml --show-secrets
local-credentials:
  maas-cloud:
    richardsith:
      auth-type: oauth1
      maas-oauth: j3GCen9ncJfJQYQ5ZS:ef59sS4XdwhxVPXLSR:TcxGjfyDXS42yj7afbzWrAuhMJtvNWq5
  openstack-cloud:
    richardsith:
      auth-type: userpass
      password: r12k
      username: admin

then

$:juju show-cloud openstack-cloud
defined: local
type: openstack
description: Openstack Cloud
auth-types: [userpass]
endpoint: http://10.20.81.22:5000/v3
regions:
  RegionOne: {}

$:juju show-cloud maas-cloud
defined: local
type: maas
description: Metal As A Service
auth-types: [oauth1]
endpoint: http://10.20.81.1:5240/MAAS/

schkovich · 19 April 2019 17:31

Which release of OpenStack are you running? Can you connect to the OpenStack from CLI?

riccardo-magrini · 19 April 2019 21:05

Openstack is deployed via Juju and the bundle is that (Stein ver.). No, I’ve not installed the Openstack client tools (OSC), I’ve set my private cloud via dashboard and that work fine.
I used this guide

schkovich · 19 April 2019 23:22

Your credentials are missing project-domain-name, tenant-name and user-domain-name. If you went with the defaults during the deployment, your credentials should be as below.

juju list-credentials  --format yaml --show-secrets
local-credentials:
  openstack-cloud:
    richardsith:
      auth-type: userpass
      password: somepassword
      project-domain-name: admin_domain
      tenant-name: admin
      user-domain-name: admin_domain
      username: admin

GUI is useful, but you should get familiar with CLI and API.

riccardo-magrini · 20 April 2019 22:24

like that:

$:juju add-credential openstack-cloud
Enter credential name: richardsith
A credential "richardsith" already exists locally on this client.
Replace local credential? (y/N): y
Using auth-type "userpass".
Enter username: admin
Enter password: 
Enter tenant-name (optional): admin
Enter tenant-id (optional): 
Enter version (optional): 
Enter domain-name (optional): 
Enter project-domain-name (optional): u1804Adm
Enter user-domain-name (optional): u1804Adm
Credential "richardsith" updated locally for cloud "openstack-cloud".

$:juju list-credentials  --format yaml --show-secrets
local-credentials:
  maas-cloud:
    richardsith:
      auth-type: oauth1
      maas-oauth: j3GCen9ncJfJQYQ5ZS:ef59sS4XdwhxVPXLSR:TcxGjfyDXS42yj7afbzWrAuhMJtvNWq5
  openstack-cloud:
    richardsith:
      auth-type: userpass
      password: password
      project-domain-name: u1804Adm
      tenant-name: admin
      user-domain-name: u1804Adm
      username: admin

then run the bootstrap:

$:juju bootstrap openstack-cloud
Creating Juju controller "openstack-cloud-RegionOne" on openstack-cloud/RegionOne
ERROR failed to bootstrap model: no image metadata found

I’ve noted that it works only with the admin user, if I try with an user who belongs to the same domain but with different role (“member”) it gives me the same issue.

ERROR authentication failed.: authentication failed

So the task works just with admin user, isn’t it?

schkovich · 20 April 2019 23:03

Good to hear you managed to resolve the authentication problem.

As far as I can remember, yes, only users with admin role could create machines. USERS AND IDENTITY MANAGEMENT GUIDE will be a good start.

Your best friend is the flag –debug. You will get way more details when running any juju command.

In regards to image metadata problem, let’s keep the discussion nice and tidy.

riccardo-magrini · 24 April 2019 23:04

Following your tips (Cloud image metadata ) I 've done the following steps:
On MAAS server
$: mkdir -p ~/simplestreams/images
then
$:juju metadata generate-image -d ~/simplestreams -i 1951d9a1-a227-426d-8012-6accf7898718 -s xenial -r RegionOne -u http://10.20.81.22:5000/v3

iurii-golikov · 18 July 2021 13:27

I was able to solve that issue with auth 404 not found by using region name “microstack”.
Microstack snap creates the openstack region with that name by default so that should be used instead of arbitrary regions like “RegionOne” or whatever comes to your mind.
Just use microstack region for juju cloud config, credentials and simplestreams metadata bootstrap.