If I deploy VIO with the integrated DB authentication, everything works. If I set up Active Directory as authentication, the deploy process stops and I get an error:
Task execution failed: Task failed on the following nodes: ['172.31.93.15', '172.31.93.14']. Refer logs for more details..
Because we have more than 1000 AD users, I had to implement a user filter, but on VIO 1.02 the same settings are successful.
I found the following entries in the logs; maybe they are relevant?
controller01/logs/heat-engine.log:2015-09-23 08:35:16.381 15680 ERROR oslo_messaging._drivers.impl_rabbit [-] AMQP server on 127.0.0.1:5672 is unreachable: [Errno 111] ECONNREFUSED. Trying again in 1 seconds.
controller01/logs/heat-engine.log:2015-09-23 08:35:16.455 15678 ERROR heat.engine.service [-] Failed to stop engine service, 'NoneType' object has no attribute 'stop'
oms/logs/oms/oms.log:[2015-09-22T15:11:22.106+0000] ERROR VcEventListener| com.vmware.openstack.utils.IpAddressUtil: Can't connect to VC from OMS server vcenter.domain.org
oms/logs/oms/oms.log:[2015-09-22T15:11:22.107+0000] ERROR VcEventListener| com.vmware.aurora.vc.vcservice.VcService: !!!OMS can't connect to VC by either IP or FQDN
(The VC is pingable from the management server; I also tried to disable the firewall on the Windows host.)
Any ideas?
Thanks, Daniel
dalo,
I actually already have VMware looking into this for me, it's a bug where the "_member_" role is not automatically created. You can create it manually, and it works just fine:
After I manually created it I could create new projects just as normal.
I'm a step further now. I use a new bind user and the deployment works.
But now if I create a new project in the web interface, I get the following error:
"Danger: An error occurred. Please try again later."
I looked into the keystone.log, but could not identify any issues. Which logfiles are also relevant to this?
Thanks,
Daniel
Oh, this is happening because the "default member role" is not getting created.
It is due to this bug we found in keystone: Bug #1497461 “Fernet tokens fail for some users with LDAP identi...” : Bugs : Keystone
Also check out the thread below.
Log in to any of the controllers. That is, first log in to the OMS server, then ssh controller01. Use the keystone command line to create the member role: "_member_"
Chapter 11. Identity service command-line client - OpenStack Command-Line Interface Reference - cur...
keystone role-create --name _member_
See if the above helps tackle the error and let me know.
Thank you, this was the problem.
I just created the new _member_ role in horizon and it works.
I also tried it with the CLI, but I'm not successful; I need the auth URL:
viouser@controller01:~$ sudo keystone role-create --name _member_
Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]
Which one is this in VIO? Do I have to create a cloudadmin.rc, or pass the URL? I could not find anything in the documentation; could you write an example?