My apologies, I had previously used the tenant.yml playbook without modification. On my new openstack cloud, i had to change the endpoint from the default http://127.0.0.1:35357/v2.0/
to the value in my openrc OS_AUTH_URL "http://10.x.y.z:35357/v2.0/"; I also switched from token to login_user and login_password authentication for the admin user of the admin tenant. I then see the following error: TASK: [Create Tenant] ********************************************************* failed: [node-8] => {"failed": true, "item": ""} msg: Current authorization does not have a known management url FATAL: all hosts have already failed -- aborting ----------------------------- I then tried using the service endpoint instead of auth_url also defined in openrc SERVICE_ENDPOINT "http://10.x.y.z:5000/v2.0/"; TASK: [Create Tenant] ********************************************************* failed: [node-8] => {"failed": true, "item": ""} msg: Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. FATAL: all hosts have already failed -- aborting Switching back to token authorization but now with either endpoint i see keystoneclient.exceptions.Unauthorized: Unable to communicate with identity service: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}. (HTTP 401) Any ideas what i'm missing? On Monday, March 17, 2014 1:30:36 PM UTC-5, Kesten Broughton wrote: > > I am able to connect to my openstack private cloud directly using pyrax. > I have ~/.pyrax.cfg and ~/.pyrax.creds to accomplish this. > > Now i'm trying to get it working via ansible. In the docs, it's not clear > how the example tenant creation is authenticated. > > http://docs.ansible.com/keystone_user_module.html > > # Create a tenant > > - keystone_user: tenant=demo tenant_description="Default Tenant" > > > From the openstack controller it works > > root@node-8:~# keystone --os-token **mytoken** tenant-delete --name > lynx-dev3 > > WARNING: Bypassing authentication using a token & endpoint (authentication > credentials are being ignored). > > +-------------+----------------------------------+ > > | Property | Value | > > +-------------+----------------------------------+ > > | description | | > > | enabled | True | > > | id | 7663d799b78644cc9e15a2c6e4b4160a | > > | name | lynx-dev3 | > > +-------------+----------------------------------+ > > > But from ansible (using the redhat-openstack-ansible tenant.yml) it fails > > - name: Create Tenant > > keystone_user: token={{ keystone_admin_token }} tenant={{ tenant_name > }} > > description="{{tenant_description}}" > > register: tenant > > TASK: [Create Tenant] > ********************************************************* > > fatal: [node-8] => failed to parse: Traceback (most recent call last): > > File > "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", > line 1913, in <module> > > main() > > File > "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", > line 320, in main > > keystone = get_keystone_client(module) > > File > "/root/.ansible/tmp/ansible-tmp-1395080004.53-1005279474045/keystone_user", > line 1558, in get_keystone_client > > keystone = keystoneclient.v2_0.client.Client(**kwargs) > > File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", > line 134, in __init__ > > self.authenticate() > > File "/usr/lib/python2.7/dist-packages/keystoneclient/client.py", line > 205, in authenticate > > token) > > File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", > line 180, in get_raw_token_from_identity_service > > "%s" % e) > > keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: > [Errno 111] Connection refused > > > > FATAL: all hosts have already failed -- aborting > > > PLAY RECAP > ******************************************************************** > > to retry, use: --limit @/Users/kbroughton/tenant_play.retry > > > fuel2 : ok=0 changed=0 unreachable=1 > failed=0 > > node-8 : ok=2 changed=0 unreachable=1 > failed=0 > > > Also, i feel that the docs aren't clear on what login_password refers to > if we are creating a tenant. It seems to pair with login_tenant_name but > is that the new tenant i am creating (doesn't have a password yet) or the > default "admin" tenant that controls all tenant projects? > > The tenant field comment also doesn't specify which password > > "The token to be uses in case the password is not specified" and there are > two "password" type fields. > > > thanks > > > kesten > > > Kesten Broughton > 512 701 4209 > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6ea29646-a94d-4d38-becf-bccedb70c657%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
