search

F5Networks / f5-openstack-agent

The F5 Agent for OpenStack Neutron allows you to deploy BIG-IP services in an OpenStack environment.
http://clouddocs.f5.com/products/openstack/agent/latest
Apache License 2.0
14 stars 38 forks source link

It is not valid part of the configuration items in the Keystone v2 #296

Closed htomoya closed 8 years ago

htomoya commented 8 years ago

OpenStack Release

Liberty

Agent Version

8.0.7

Operating System

CentOS7

Description

I tried to start the f5-openstack-agent using the keystone v2. But, the following error has occurred, it did not start.

2016-08-25 18:08:29.435 22767 ERROR f5_openstack_agent.lbaasv2.drivers.bigip.icontrol_driver [req-dd274640-e0f9-4890-be0d-d6303957db51 - - - - -] Failed to initialize CertManager.
2016-08-25 18:08:29.435 22767 ERROR f5_openstack_agent.lbaasv2.drivers.bigip.agent_manager [req-dd274640-e0f9-4890-be0d-d6303957db51 - - - - -] Error importing loadbalancer device driver: f5_openstack_agent.lbaasv2.drivers.bigip.icontrol_driver.iControlDriver error ImportError('',)
###############################################################################
# Certificate Manager
###############################################################################
cert_manager = f5_openstack_agent.lbaasv2.drivers.bigip.barbican_cert.BarbicanCertManager
#
# Two authentication modes are supported for BarbicanCertManager:
#   keystone_v2, and keystone_v3
#
#
# Keystone v2 authentication:
#
auth_version = v2
os_auth_url = http://10.0.2.15:5000/v2.0
os_username = admin
os_password = admin
os_tenant_name = admin
#
# Parent SSL profile name
#
# A client SSL profile is created for LBaaS listeners that use TERMINATED_HTTPS
# protocol. You can define the parent profile for this profile by setting
# f5_parent_ssl_profile. The profile created to support TERMINATTED_HTTPS will
# inherit settings from the parent you define. This must be an existing profile,
# and if it does not exist on your BIG-IP system the agent will use the default
# profile, clientssl.
f5_parent_ssl_profile = clientssl

Loading "tenant_name" in barbican_cert.py.

https://github.com/F5Networks/f5-openstack-agent/blob/mitaka/f5_openstack_agent/lbaasv2/drivers/bigip/barbican_cert.py#L104

                else:
                    # assume v2 auth
                    auth = v2.Password(
                        username=self.username,
                        password=self.password,
                        auth_url=self.auth_url,
                        tenant_name=self.tenant_name)  <--

However, do not cfg.StrOpt the "tenant_name" in icontrol_driver.py. I think that we should add a cfg.StrOpt to icontrol_driver.py.

    cfg.StrOpt(
        'os_tenant_name',
        default='None',
        help='OpenStack tenant_name for Keystone authentication.(v2 only)'
    ),
jlongstaf commented 8 years ago

Fix has been submitted for approval (see pull request #297). In the meantime, users can use Keystone v3 authentication instead of v2.