Bug 1346004 - puppet-neutron configuration use KEYSTONE section instead of keystone_authtoken
Summary: puppet-neutron configuration use KEYSTONE section instead of keystone_authtoken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-puppet-modules
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 8.0 (Liberty)
Assignee: Emilien Macchi
QA Contact: Arik Chernetsky
URL:
Whiteboard:
Depends On:
Blocks: 1347518 1364146
TreeView+ depends on / blocked
 
Reported: 2016-06-13 16:01 UTC by Cyril Lopez
Modified: 2016-10-26 13:42 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-26 13:42:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 329079 0 None None None 2016-07-04 12:11:59 UTC
OpenStack gerrit 351078 0 None None None 2016-08-04 09:23:49 UTC
Red Hat Product Errata RHBA-2016:2111 0 normal SHIPPED_LIVE openstack-puppet-modules bug fix advisory 2016-10-26 17:41:57 UTC

Description Cyril Lopez 2016-06-13 16:01:58 UTC
Description of problem:

When we deploy with opencontrail environement,  /etc/neutron/plugins/opencontrail/ContrailPlugin.ini is not properly configured

Version-Release number of selected component (if applicable):


How reproducible:
Deploy with opencontrail environment and this env :
parameters:
  controllerExtraConfig:
    neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
    neutron::plugins::opencontrail::api_server_ip: 10.4.10.100
    neutron::plugins::opencontrail::api_server_port: 8082 
    neutron::plugins::opencontrail::multi_tenancy: true
    neutron::plugins::opencontrail::contrail_extensions: '[ ''ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'' , ''policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy'' , ''route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc'' , ''contrail:None'' ]'
    neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"'
    neutron::plugins::opencontrail::keystone_admin_user: admin
    neutron::plugins::opencontrail::keystone_admin_tenant_name: admin
    neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"'
    neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"'

Actual results:

[KEYSTONE]
auth_url = http://10.4.10.10:5000/v2.0
admin_user = admin
admin_password = xxxxxxxxxxxxxxxxxxxxxxxxxxx
admin_token = xxxxxxx
admin_tenant_name=admin


Expected results:
[keystone_authtoken]
auth_host=10.4.10.10
auth_uri = http://10.4.10.10:5000/v2.0
identity_uri = http://192.0.2.17:35357
admin_tenant_name = service
admin_user = neutron
admin_password = xxxxx
auth_protocol = http

Comment 1 Emilien Macchi 2016-06-13 16:04:11 UTC
Cyril, please close this bug and report it on upstream launchpad/puppet-neutron.

Thanks.

Comment 2 Emilien Macchi 2016-06-13 16:10:09 UTC
I sent a patch here: https://review.openstack.org/329079

Comment 5 Edu Alcaniz 2016-09-06 06:05:24 UTC
Hi, could you update this Bugzilla?

Comment 6 Emilien Macchi 2016-09-06 12:10:32 UTC
I don't really know how to configure opencontrail parameters in Neutron. If someone from Juniper could help us, it would be great so we don't do random things here.

Comment 7 Cyril Lopez 2016-10-20 07:44:58 UTC
I find out a workaround with adding this in environment

parameters:
  controllerExtraConfig:
    neutron::config::plugin_opencontrail_config:
      keystone_authtoken/auth_host:
        value: '%{hiera(''keystone_admin_api_vip'')}'
      keystone_authtoken/auth_uri:
        value: '%{hiera(''keystone_auth_uri'')}'
      keystone_authtoken/identity_uri:
        value: '%{hiera(''neutron::server::identity_uri'')}'
      keystone_authtoken/admin_tenant_name:
        value: '%{hiera(''keystone::roles::admin::service_tenant'')}'
      keystone_authtoken/admin_user:
        value: '%{hiera(''nova::network::neutron::neutron_admin_username'')}'
      keystone_authtoken/admin_password:
        value: '%{hiera(''neutron::keystone::auth::password'')}'
      keystone_authtoken/auth_protocol:
        value: 'http'

Comment 13 errata-xmlrpc 2016-10-26 13:42:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2111.html


Note You need to log in before you can comment on or make changes to this bug.