dalo
Hot Shot

VIO 2.0 AD integration issue

If I deploy VIO with the integrated DB authentication, everything works. If I set up Active Directory as authentication, the deploy process stops and I get an error:

Task execution failed: Task failed on the following nodes: ['172.31.93.15', '172.31.93.14']. Refer logs for more details..

Because we have more than 1000 AD users, I had to implement a user filter, but on VIO 1.02 the same settings are successful.

I found the following entries in the logs; maybe they are relevant?

controller01/logs/heat-engine.log:2015-09-23 08:35:16.381 15680 ERROR oslo_messaging._drivers.impl_rabbit [-] AMQP server on 127.0.0.1:5672 is unreachable: [Errno 111] ECONNREFUSED. Trying again in 1 seconds.

controller01/logs/heat-engine.log:2015-09-23 08:35:16.455 15678 ERROR heat.engine.service [-] Failed to stop engine service, 'NoneType' object has no attribute 'stop'

oms/logs/oms/oms.log:[2015-09-22T15:11:22.106+0000] ERROR VcEventListener| com.vmware.openstack.utils.IpAddressUtil: Can't connect to VC from OMS server vcenter.domain.org

oms/logs/oms/oms.log:[2015-09-22T15:11:22.107+0000] ERROR VcEventListener| com.vmware.aurora.vc.vcservice.VcService: !!!OMS can't connect to VC by either IP or FQDN

(The VC is pingable from the management server; I also tried disabling the firewall on the Windows host.)

Any ideas?

Thanks, Daniel


Accepted Solutions
jmgriffes
Enthusiast

dalo,

I actually already have VMware looking into this for me. It's a bug where the "_member_" role is not automatically created. You can create it manually, and it works just fine:

MemberRoleCreation.PNG

After I manually created it I could create new projects just as normal.

dalo
Hot Shot

I'm a step further now. I use a new bind user and the deployment works.

But now if I create a new project in the web interface, I get the following error:

"Danger: An error occurred. Please try again later."

I looked into the keystone.log, but could not identify any issues. Which other log files are relevant to this?

Thanks,

Daniel

admin
Immortal

Oh, this is happening because the "default member role" is not getting created.

It is due to this bug we found in keystone: Bug #1497461 “Fernet tokens fail for some users with LDAP identi...” : Bugs : Keystone

Also check out the thread below:

Cannot create new Project

Log in to any of the controllers. That is, first log in to the OMS server, then ssh controller01. Use the keystone command line to create the member role "_member_":

Chapter 11. Identity service command-line client - OpenStack Command-Line Interface Reference   - cur...

keystone role-create --name _member_

See if the above helps tackle the error and let me know.

dalo
Hot Shot

Thank you, this was the problem.

I just created the new _member_ role in Horizon and it works.

I also tried it with the CLI, but I'm not successful; I need the auth URL:

viouser@controller01:~$ sudo keystone role-create --name _member_

Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]

Which one is this in VIO? Do I have to create a cloudadmin.rc, or pass the URL? I could not find anything in the documentation; could you write an example?

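For the auth URL error in the last post and the role-creation step in the reply before it, a sketch added here (not from the thread or from VMware): it checks the environment variables the legacy keystone client reads, then creates `_member_` only if `keystone role-list` does not already show it. The variable values are the operator's own; no VIO-specific URL or account is assumed, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example. Credentials come from the operator's environment, e.g. an rc
# file that exports OS_AUTH_URL, OS_USERNAME, OS_PASSWORD and OS_TENANT_NAME.

# Return 0 only if every variable the legacy keystone client needs is set.
check_keystone_env() {
    cke_missing=0
    for cke_var in OS_AUTH_URL OS_USERNAME OS_PASSWORD OS_TENANT_NAME; do
        eval "cke_val=\${$cke_var:-}"
        if [ -z "$cke_val" ]; then
            echo "missing environment variable: $cke_var" >&2
            cke_missing=1
        fi
    done
    return "$cke_missing"
}

# Return 0 if the role name appears in the name column of `keystone role-list`
# (table rows look like "| <id> | <name> |").
role_exists() {
    keystone role-list | awk -F'|' -v role="$1" '
        NF >= 3 { name = $3; gsub(/^[ \t]+|[ \t]+$/, "", name)
                  if (name == role) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Create the role only when it is absent, so re-running is harmless.
# Exit codes: 0 ok, 1 create failed, 2 credentials not in the environment.
ensure_role() {
    er_role="${1:-_member_}"
    check_keystone_env || return 2
    if role_exists "$er_role"; then
        echo "role $er_role already present"
    else
        keystone role-create --name "$er_role" >/dev/null || return 1
        echo "role $er_role created"
    fi
}
```

Export the four variables in the same shell and call `ensure_role` without `sudo`: sudo normally resets the environment, so exported `OS_*` variables do not reach the client.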