| *** sapd1_x has joined #senlin | 00:05 | |
| openstackgerrit | Merged openstack/senlin master: Replace git.openstack.org URLs with opendev.org URLs https://review.opendev.org/654684 | 00:32 |
|---|---|---|
| *** sapd1_x has quit IRC | 00:35 | |
| *** Ryjedo has joined #senlin | 05:38 | |
| *** openstackgerrit has quit IRC | 08:47 | |
| *** sapd1_x has joined #senlin | 13:14 | |
| -Ryjedo- hello senlin community. I'm running into considerable trouble getting senlin to authenticate on an RDO cluster running Rocky and was wondering if this was a common issue, or if anyone had any thoughts/ideas on where to go next. | 14:06 | |
| Ryjedo | i've spent a good 13-ish hours grinding at this already, and i'm using this document as a guide https://docs.openstack.org/senlin/rocky/install/install-rdo.html | 14:07 |
| Ryjedo | experimenting with the senlin.conf options i get a variety of fails from token authentication failures to ssl failures. other services seem to configure and work just fine, but i'm really struggling with this one. | 14:11 |
| Ryjedo | any suggestions on how to further trouble shoot the auth process, or any further documentation on the config options and what the various auth options do (especially some idea of what other auth plugins are available/supported) would be super helpful. I'm a little stuck on where to dig next. | 14:13 |
| Ryjedo | sorry im an irc noob, and my first message is darkened, so i'm reposting it just in case it didn't actually send correct, so that my second message won't be completely without context: "hello senlin community. I'm running into considerable trouble getting senlin to authenticate on an RDO cluster running Rocky and was wondering if this was a common issue, or if anyone had any thoughts/ideas on where to go next." | 14:14 |
| *** sapd1_x has quit IRC | 14:59 | |
| dtruong | Ryjedo: Are there any errors in the senlin logs that you can put in http://paste.openstack.org/ and then post the link here? | 15:51 |
| *** Qiming has quit IRC | 15:54 | |
| *** Qiming has joined #senlin | 15:58 | |
| Ryjedo | @dtruong yes sir, i've included the client output, the log output, my senlin.conf file, and my endpoints here http://paste.openstack.org/show/4xTJsxQ58c4CpWQCYIZm/ | 16:58 |
| Ryjedo | dtruong yes sir, i've included the client output, the log output, my senlin.conf file, and my endpoints here http://paste.openstack.org/show/4xTJsxQ58c4CpWQCYIZm/ | 16:59 |
| dtruong | Ryjedo I think the doc might be wrong | 17:29 |
| dtruong | Can you try something like this: http://paste.openstack.org/show/752544/ | 17:29 |
| Ryjedo | dtruong testing now, should i leave the [authentication] section untouched and just replace the [keystone_authtoken] section? or should I comment out the [authentication] section? | 17:30 |
| dtruong | Ryjedo the [authentication] has to stay | 18:23 |
| Ryjedo | dtruong still getting errors. the url in your paste doesn't match the urls for the identity service on my cluster either. In my paste i show the client and log output with both the format you sent, as well as for the format that matches my endpoints, i've also included my keystonerc_admin file (password redacted) and the endpoints for my identity service. http://paste.openstack.org/show/dnddbGfSnneehZF82yv9/ | 18:38 |
| dtruong | ok, you are correct that your auth url is different and you should be using :5000/v3 | 18:42 |
| dtruong | did you create the senlin user in keystone? | 18:42 |
| dtruong | in the service project | 18:42 |
| Ryjedo | dtruong yes i did. | 18:44 |
| Ryjedo | dtruong here is a paste that shows the senlin user, and it's association with the senlin service, and the admin role http://paste.openstack.org/show/b4ebV1ii9BtLGShNOWnW/ | 18:50 |
| Ryjedo | dtruong confirmed both the opentstack-senlin-api and openstack-senlin-engine services are running as well. | 18:50 |
| dtruong | Did you try using the senlin user and password with the openstack CLI and see if it works? | 18:57 |
| Ryjedo | i did not, thats a great idea. trying that now. | 19:00 |
| Ryjedo | very interesting.. it fails. | 19:01 |
| dtruong | so i'm pretty sure it's a problem with the senlin user | 19:03 |
| dtruong | maybe the password you used to create it is different | 19:03 |
| dtruong | maybe just reset the password to something simple that does not contain any special characters | 19:04 |
| dtruong | and try again | 19:04 |
| Ryjedo | will try that. question, if i changed the senlin user/password in senlin.conf to the admin user/password should that work for testing purposes or would that be expected to fail (it fails). | 19:06 |
| Ryjedo | very interesting situation, the senlin user even with a really basic password fails to simple stuff like `openstack endpoint list`.. this gives me something to track down for sure. | 19:17 |
| dtruong | Did you make sure to use the service tenant when you are using senlin user with the OpenStack CLI? | 19:19 |
| Ryjedo | tenant == project correct? | 19:23 |
| dtruong | Yes | 19:25 |
| Ryjedo | oh man i fixed it. | 19:26 |
| Ryjedo | my senlin.conf listed the senlin users project/tenant as "service".. there is no such project/tenant.. it's "services" (with an s). | 19:26 |
| Ryjedo | dtruong thank you soo so much. you got me unstuck and gave me a path to locate the issue and get it solved. 27 hours of banging my head against a config typo on my end.. lol. | 19:27 |
| dtruong | Ryjedo no problem. i'm glad that fixed it. | 19:53 |
| dtruong | I'm curious, are you doing an evaluation of senlin or are you planning to use it in production? | 19:53 |
| Ryjedo | dtruong i'm building a cluster for my dev team to be able to test our product (software defined perimeter stuff) against. The cluster is meant to run the same services/versions (hence rocky) as our customer (whom is trialing our product). My understanding is that they are running rocky with senlin in production. Not sure how public facing that is (they are a mobile telecom shop). might just be using it for the internal IT stuff, that info wasn't shar | 20:01 |
| Ryjedo | ed with me. | 20:01 |
| dtruong | cool. thanks for the info. it's interesting to see the different use cases of senlin. | 20:06 |
| dtruong | feel free to hit me up on IRC if you have any other problem. | 20:06 |
| Ryjedo | I sure will, thank you very much sir. from what I can tell that customer has a fairly HUGE openstack deployment, which is really good news for openstacks future. I wish i could share the name of the customer. | 20:07 |
| dtruong | yea, definitely good news for the adoption of senlin as well. | 20:08 |
| *** Ryjedo has quit IRC | 20:46 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!