search

ystia / yorc

Ystia Orchestrator
https://ystia.github.io
Apache License 2.0
67 stars 23 forks source link

OpenStack Authentication failed #768

Closed tibeer closed 1 year ago

tibeer commented 3 years ago

I seem to have missed something in the documentation. I have bootstrapped yorc inside an OpenStack cloud. That works fine. I can also access Alien4Cloud and create Topologies, etc. But when i try to deploy something (just a basic VM with the yorc template), i get the following:

Error creating OpenStack compute client: Authentication failed

Interestingly I used in the bootstrap file the exact same credentials. I also double-checked and copy-pasted the credential stanza so there is no typo. Still Alien4Cloud logs tell me, that the authentication failed. What could I miss?

@ystia/yorc-dev

loicalbertin commented 3 years ago

Hi @tibeer

Could you please check on the bootstrapped Yorc the configuration of your locations to see if you can stare at something weird. You can use the following command to inspect your locations configuration:

yorc locations list

Also Yorc logs (accessible using journalctl -u yorc) may contain additional information.

Also, kindly note that most of our dev team will be on vacation for the next 2 weeks so please expect a delay in our responses.

tibeer commented 3 years ago

Hi @loicalbertin ,

I wish you guys happy holidays. The delay won't be an issue for me. This is the controller

ubuntu@yorc-yorc-controller-0:~$ yorc locations list
Locations:
+-----------+-----------+-------------------------------------------------+
| Name      | Type      | Properties                                      |
+-----------+-----------+-------------------------------------------------+
| betacloud | openstack |   user_name: foobar                       |
|           |           |   default_security_groups:                      |
|           |           |     yorc-all                                |
|           |           |   password: foobar                    |
|           |           |   private_network_name: net-to-external-testbed |
|           |           |   project_name: testbed                         |
|           |           |   tenant_name: testbed                          |
|           |           |   user_domain_name: betacloud                   |
|           |           |   auth_url: https://api-1.betacloud.de:5000     |
|           |           |   project_id: foobar  |
|           |           |   provisioning_over_fip_allowed: true           |
|           |           |   use_vault: true                               |
+-----------+-----------+-------------------------------------------------+

and this the bootstrapped instance

root@bootstrap-yorccompute-0:~# yorc locations list
Locations:
+-----------+-----------+-------------------------------------------------------------------------------------------+
| Name      | Type      | Properties                                                                                |
+-----------+-----------+-------------------------------------------------------------------------------------------+
| betacloud | openstack |   private_network_name: net-to-external-testbed                                           |
|           |           |   provisioning_over_fip_allowed: True                                                     |
|           |           |   tenant_name: {{ secret "/secret/yorc/locations/betacloud" "data=tenant_name" | print }} |
|           |           |   user_name: {{ secret "/secret/yorc/locations/betacloud" "data=user_name" | print }}     |
|           |           |   auth_url: https://api-1.betacloud.de:5000                                               |
|           |           |   default_security_groups:                                                                |
|           |           |     yorc-all                                                                          |
|           |           |   password: {{ secret "/secret/yorc/locations/betacloud" "data=password" | print }}       |
+-----------+-----------+-------------------------------------------------------------------------------------------+

while this is my values file I started the controller with (i have not touched any other configuration):

ansible:
  version: 2.10.0
  extra_package_repository_url: ""
  host_operations_allowed: false
alien4cloud:
  download_url: https://www.portaildulibre.fr/nexus/repository/opensource-releases/alien4cloud/alien4cloud-premium-dist/3.0.0-M8/alien4cloud-premium-dist-3.0.0-M8-dist.tar.gz
  port: 8088
  protocol: https
  user: admin
  password: admin
  extra_env: ""
yorcplugin:
  download_url: ""
consul:
  download_url: https://releases.hashicorp.com/consul/1.2.3/consul_1.2.3_linux_amd64.zip
  port: 8543
  tls_enabled: true
  tls_for_checks_enabled: true
  encrypt_key: foobar
terraform:
  download_url: https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zip
  plugins_download_urls:
  - https://releases.hashicorp.com/terraform-provider-null/1.0.0/terraform-provider-null_1.0.0_linux_amd64.zip
  - https://releases.hashicorp.com/terraform-provider-consul/2.1.0/terraform-provider-consul_2.1.0_linux_amd64.zip
  - https://releases.hashicorp.com/terraform-provider-google/1.18.0/terraform-provider-google_1.18.0_linux_amd64.zip
  - https://releases.hashicorp.com/terraform-provider-openstack/1.32.0/terraform-provider-openstack_1.32.0_linux_amd64.zip
  - https://releases.hashicorp.com/terraform-provider-aws/1.36.0/terraform-provider-aws_1.36.0_linux_amd64.zip
yorc:
  download_url: https://github.com/ystia/yorc/releases/download/v4.1.2/yorc-4.1.2.tgz
  port: 8800
  protocol: https
  private_key_content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    foobar
    -----END OPENSSH PRIVATE KEY-----
  private_key_file: /home/ubuntu/.ssh/id_rsa
  ca_pem: |
    -----BEGIN CERTIFICATE-----
    foobar
    -----END CERTIFICATE-----
  ca_pem_file: /home/ubuntu/work/bootstrapResources/ca.pem
  ca_key: |
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-256-CBC,DF4BB5B3CDD295CB647696A1114FF763

    foobar
    -----END RSA PRIVATE KEY-----
  ca_key_file: /home/ubuntu/work/bootstrapResources/ca-key.pem
  ca_passphrase: yorc
  data_dir: /var/yorc
  workers_number: 30
  resources_prefix: yorc-
locations:
- name: betacloud
  type: openstack
  properties:
    auth_url: https://api-1.betacloud.de:5000
    default_security_groups:
    - yorc-all
    password: foobar
    private_network_name: net-to-external-testbed
    project_id: foobar
    project_name: testbed
    provisioning_over_fip_allowed: true
    tenant_name: testbed
    use_vault: true
    user_domain_name: betacloud
    user_name: foobar
compute:
  availability_zone: south-2
  flavorName: 4C-4GB-20GB
  imageName: Ubuntu 20.04
  key_pair: yorc
  region: betacloud-1
  security_groups: yorc-all
credentials:
  user: ubuntu
  keys:
    "0": /home/ubuntu/.ssh/id_rsa
address:
  floating_network_name: external
jdk:
  download_url: https://api.adoptopenjdk.net/v2/binary/releases/openjdk8?openjdk_impl=hotspot&os=linux&arch=x64&release=jdk8u212-b03&type=jdk
  version: 1.8.0-212-b03
location:
  type: OpenStack
  name: betacloud
  resourcesfile: resources/ondemand_resources_openstack.yaml
  properties:
    auth_url: https://api-1.betacloud.de:5000
    default_security_groups:
    - yorc-all
    password: foobar
    private_network_name: net-to-external-testbed
    project_id: foobar
    project_name: testbed
    provisioning_over_fip_allowed: true
    tenant_name: testbed
    use_vault: true
    user_domain_name: betacloud
    user_name: foobar
hosts: []
vault:
  download_url: https://releases.hashicorp.com/vault/1.0.3/vault_1.0.3_linux_amd64.zip
  port: 8200
insecure: false
tibeer commented 3 years ago

Okay, so I logged into the bootstrapped instance and did a `yorc locations update -d' with the respective parameters. Now I can deploy with alien4cloud. Seems like the credentials from the controller are not correctly passed over to the instance?

tibeer commented 1 year ago

Stale for more than one year. Closing.