Description of problem: Director fails after deploying the Heat stack because the Overcloud assumes the Director machine has access to the Internal API network: undercloud$ openstack overcloud deploy --templates ~/templates/my-overcloud --ntp-server 10.26.235.251 --control-flavor control --compute-flavor compute --ceph-storage-flavor ceph --control-scale 3 --comp ute-scale 1 --ceph-storage-scale 3 --neutron-tunnel-types vxlan --neutron-network-type vxlan -e ~/templates/my-overcloud/environments/storage-environment.yaml -e ~/templates/my-overcloud/environments/network-iso lation.yaml -e ~/templates/my-overcloud/environments/net-multiple-nic-with-vlans.yaml Deploying templates in the directory /home/stack/templates/my-overcloud /home/stack/.ssh/known_hosts updated. Original contents retained as /home/stack/.ssh/known_hosts.old PKI initialization in init-keystone is deprecated and will be removed. ssh: connect to host 172.16.0.10 port 22: Connection timed out ERROR: openstack Command '['ssh', '-oStrictHostKeyChecking=no', '-t', '-l', 'heat-admin', u'172.16.0.10', 'sudo', 'keystone-manage', 'pki_setup', '--keystone-user', "$(getent passwd | grep '^keystone' | cut -d: -f1)", '--keystone-group', "$(getent group | grep '^keystone' | cut -d: -f1)"]' returned non-zero exit status 255 The problem is that the Director is trying to reach to Overcloud's Keystone over its internal address: [heat-admin@overcloud-controller-0 ~]$ source overcloudrc [heat-admin@overcloud-controller-0 ~]$ keystone endpoint-list /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient. 'python-keystoneclient.', DeprecationWarning) +----------------------------------+-----------+---------------------------------+------------------------------+-------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+---------------------------------+------------------------------+-------------------------------+----------------------------------+ | 419292fdc1c643e4bcf956032f269956 | regionOne | http://192.168.122.10:5000/v2.0 | http://172.16.0.10:5000/v2.0 | http://172.16.0.10:35357/v2.0 | 9f2ea32571694542b4bf6645c2fe1130 | +----------------------------------+-----------+---------------------------------+------------------------------+-------------------------------+----------------------------------+ Version-Release number of selected component (if applicable): RHEL OSP Director 7.0 / 7.1 python-rdomanager-oscplugin-0.0.10.8.el7ost How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Heat stack is created but Director is trying to reach to Overcloud's Keystone over its internal address. This not what is documented / expected. Expected results: Either Director do not use / try to communicate over internalapi network or document otherwise of what all networks director needs access to . Additional info: documentation doesn't mention this requirement al all. Reading Director documentation , it specifically states this about the Internal API network: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html-single/Director_Installation_and_Usage/index.html "The Internal API network is used for communication between the OpenStack services via API communication, RPC messages, and database communication. Used by: Controller, Compute, Cinder Storage, Swift Storage"
Dan, would you mind providing some doc text that access to the public api is necessary.
This bug did not make the OSP 8.0 release. It is being deferred to OSP 10.
This known issue was published in the RHOSP 10 Release Notes here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html-single/release_notes/#idm140051435974272 Closing.