3

When trying to setup a controller node for openstack USSURI version. I'm asked to setup glance service as VM images management sub-service.

As of requirement : article (under ubuntu 18.04) :

  1. I created a file named : admin-openrc.sh , under location : /usr/share/keystone , with content :
    export OS_USERNAME=admin 
    
    export OS_PASSWORD=ADMIN_PASS 
    
    export OS_PROJECT_NAME=admin 
    
    export OS_USER_DOMAIN_NAME=Default 
    
    export OS_PROJECT_DOMAIN_NAME=Default 
    
    export OS_AUTH_URL=http://controller:5000/v3 
    
    export OS_IDENTITY_API_VERSION=3`

where ADMIN_PASS is customized

  1. Type cmd : source ./admin-openrc.sh

  2. Then, create glance user with cmd : openstack user create --domain default --password-prompt glance

as output, I receive error message :

Failed to discover available identity versions when contacting http://controller:5000/v3. Attempting to parse version from URL.
Unable to establish connection to http://controller:5000/v3/auth/tokens: HTTPConnectionPool(host='controller', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa20bba02b0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))

Would anybody advise please ? I completed previously all steps : NTP install, openstack packages download, SQL install, RabbitMQ install, Memcached install, Etcd install, Keystone install (USSURI version)

It seems to be authentication issue maybe or something else ?

If the question helped you, up-vote it. Thanks in advance

CloudRock
  • 159
  • 2
  • 5
  • 14
  • do you have registered `controller` ( which is used in the path `http://controller` ) in `/etc/hosts` or how does he resolve the address? If you have used the setup-instructions too straightforward, you have potentially missed to replace `controller` by the ip-address of the host or an address, which can be resolved by the /etc/hosts-file. – Tobias Jul 15 '20 at 15:27
  • the only registration I made to `controller` is stated at this [link](https://docs.openstack.org/keystone/ussuri/install/keystone-install-ubuntu.html#configure-the-apache-http-server), as apache2 host – CloudRock Jul 15 '20 at 15:39
  • yeah, then I was right. You have to replace `controller` behind each `http://` in every openstack-command and in every config-file by the ip-address of your controller-node or by a name, which is mapped by the `/etc/hosts/`-file to an ip-address or by a domain-name like `www.example.com`, which can be resolved to the ip of your controller-node. You could also register the name `controller` in your `/etc/hosts`-file together with the ip of your controller-node as workaround. So you don't have to change each command and config. – Tobias Jul 15 '20 at 15:48
  • I'm testing your approach but confused in defining IP address for `controller`. I have two IPs : 10.0.0.4 which is the OS host IP and 10.0.0.11 which the management IP for `controller` – CloudRock Jul 15 '20 at 16:02

5 Answers5

0

If this is a single control node setup (e.g. single instance of keystone) I would recommend just replacing controller with the management ip address. When going to production you tend to have a load balancer in front of these server, but you could also use a dns record resolvable on all your nodes (e.g. controller.internal).

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://<your-ip>:5000/v3/ \
  --bootstrap-internal-url http://<your-ip>:5000/v3/ \
  --bootstrap-public-url http://<your-ip>:5000/v3/ \
  --bootstrap-region-id RegionOne

The disadvantage of using controller and not having a dns or load balancing solution in front (e.g. by adding it to the /etc/hosts file) is that you need to manually maintain this on all nodes, including any compute nodes you add to your setup.

eandersson
  • 25,781
  • 8
  • 89
  • 110
0

I added an entry to etc/hosts : 10.0.0.11 controller then re-execute this 2 cmds:

sudo keystone-manage bootstrap --bootstrap-password XXXXXXXX --bootstrap-admin-url http://10.0.0.11:5000/v3/ --bootstrap-internal-url http://10.0.0.11:5000/v3/ --bootstrap-public-url http://10.0.0.11:5000/v3/ --bootstrap-region-id RegionOne

sudo openstack user create --domain default --os-username XXXXXXXX --password-prompt --os-auth-url http://10.0.0.11:5000/v3 glance

But receieved, same error :

Failed to discover available identity versions when contacting http://10.0.0.11:5000/v3. Attempting to parse version from URL.

Unable to establish connection to http://10.0.0.11:5000/v3/auth/tokens: HTTPConnectionPool(host='10.0.0.11', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fe863dff290>: Failed to establish a new connection: [Errno 113] No route to host',))

Waiting for your help,

CloudRock
  • 159
  • 2
  • 5
  • 14
0

Also tried this :

$sudo ping controller

PING controller (10.0.0.11) 56(84) bytes of data.
From bassamvm01.internal.cloudapp.net (10.0.0.4) icmp_seq=1 Destination Host Unreachable
......
^C
--- controller ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5081ms
pipe 4
CloudRock
  • 159
  • 2
  • 5
  • 14
  • On the host, where try to install keystone, is there even a network-interface, which listen on `10.0.0.11`? – Tobias Jul 16 '20 at 15:08
  • the only config I made with `10.0.0.11` is as of [article](https://docs.openstack.org/install-guide/environment-sql-database-ubuntu.html), ie : I added the IP in file /etc/mysql/mariadb.conf.d/99-openstack.cnf . OS host interface : 10.0.0.4 , I didn't add any new interface ... – CloudRock Jul 16 '20 at 15:28
  • General advice for you: Don't simple copy-paste example-commands, when you don't know what they do. – Tobias Jul 16 '20 at 15:41
  • is there a need to add network-interface with `10.0.0.11` ? – CloudRock Jul 16 '20 at 15:44
  • If your physical host has only one network interface with ip `10.0.0.4` then you have to use this address in your commands and config-files for any service, which runs on this physical host. Using `10.0.0.11` would only make sense, when a pysical or virtual interface exist, which listen on this ip. – Tobias Jul 16 '20 at 15:51
0

Thanks for your remark. I succeeded in granting access to controller with address 10.0.0.11

I need to change NIC config accordingly (with IP : 10.0.0.11)

CloudRock
  • 159
  • 2
  • 5
  • 14
0

that what just happened to me right now so i had tried to restart the network service and it work for me now. PS: i'm using openstack packstack on centos 7 the command:

> systemctl restart network
keyser.02
  • 1