nikosmeds/gist:6bc29b00c05222f94fa62a3adfffff5a Secret

## gistfile1.txt
## NOTE: We deploy OpenStack Queens with openstack-ansible
## 1. Make the following change to `user_variables` file

 keystone_policy_overrides:
   admin_required: "role:admin"
-  cloud_admin: "role:admin and (is_admin_project:True or domain_id:default)"
+  cloud_admin: "role:admin and domain_id:default"


## 2. Run the Keystone playbook

$ sudo openstack-ansible /opt/openstack-ansible/playbooks/os-keystone-install.yml --tags "keystone-config"


## 3. Removed `no_log` from role to get more verbose output
## EDIT: Apparently gists don't wrap.
## Error message: keystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_domains.

TASK [os_keystone : Wait for services to be up] ***************************************************************************************
Thursday 29 November 2018  23:07:35 +0200 (0:00:00.024)       0:01:33.645 *****
ok: [os1_keystone_container-4044b189] => (item=http://10.103.183.177:37359)
ok: [os1_keystone_container-4044b189] => (item=http://10.103.183.177:37358)

TASK [os_keystone : Bootstrap keystone admin and endpoint] ****************************************************************************
Thursday 29 November 2018  23:07:36 +0200 (0:00:00.709)       0:01:34.354 *****
ok: [os1_keystone_container-4044b189]

TASK [os_keystone : Ensure service tenant] ********************************************************************************************
Friday 30 November 2018  00:49:38 +0200 (0:00:04.935)       0:01:39.562 *******
FAILED - RETRYING: Ensure service tenant (5 retries left).
FAILED - RETRYING: Ensure service tenant (4 retries left).
FAILED - RETRYING: Ensure service tenant (3 retries left).
FAILED - RETRYING: Ensure service tenant (2 retries left).
FAILED - RETRYING: Ensure service tenant (1 retries left).
fatal: [os1_keystone_container-4044b189]: FAILED! => {"attempts": 5, "changed": false, "failed": true, "module_stderr": "mesg: ttyname failed: Inappropriate ioctl for device\nTraceback (most recent call last):\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 1469, in <module>\n    main()\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 1463, in main\n    km.command_router()\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 487, in command_router\n    facts = action(variables=action_command['variables'])\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 677, in ensure_tenant\n    return self.ensure_project(variables)\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 695, in ensure_project\n    domain = self._get_domain_from_vars(variables_dict)\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 625, in _get_domain_from_vars\n    return self._get_domain(name=domain_name)\n  File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 632, in _get_domain\n    for entry in self.keystone.domains.list():\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/domains.py\", line 87, in list\n    return super(DomainManager, self).list(**kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 75, in func\n    return f(*args, **new_kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 397, in list\n    self.collection_key)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 125, in _list\n    resp, body = self.client.get(url, **kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 304, in get\n    return self.request(url, 'GET', **kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 463, in request\n    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 189, in request\n    return self.session.request(url, method, **kwargs)\n  File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 737, in request\n    raise exceptions.from_response(resp, method, url)\nkeystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_domains. (HTTP 403) (Request-ID: req-cdbc5c6d-2bd6-49e0-89f5-f17852f6cca2)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

NO MORE HOSTS LEFT ********************************************************************************************************************

PLAY RECAP ****************************************************************************************************************************
os1_keystone_container-4044b189 : ok=61   changed=9    unreachable=0    failed=1
	## NOTE: We deploy OpenStack Queens with openstack-ansible
	## 1. Make the following change to `user_variables` file

	keystone_policy_overrides:
	admin_required: "role:admin"
	- cloud_admin: "role:admin and (is_admin_project:True or domain_id:default)"
	+ cloud_admin: "role:admin and domain_id:default"


	## 2. Run the Keystone playbook

	$ sudo openstack-ansible /opt/openstack-ansible/playbooks/os-keystone-install.yml --tags "keystone-config"


	## 3. Removed `no_log` from role to get more verbose output
	## EDIT: Apparently gists don't wrap.
	## Error message: keystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_domains.

	TASK [os_keystone : Wait for services to be up] ***************************************************************************************
	Thursday 29 November 2018 23:07:35 +0200 (0:00:00.024) 0:01:33.645 *****
	ok: [os1_keystone_container-4044b189] => (item=http://10.103.183.177:37359)
	ok: [os1_keystone_container-4044b189] => (item=http://10.103.183.177:37358)

	TASK [os_keystone : Bootstrap keystone admin and endpoint] ****************************************************************************
	Thursday 29 November 2018 23:07:36 +0200 (0:00:00.709) 0:01:34.354 *****
	ok: [os1_keystone_container-4044b189]

	TASK [os_keystone : Ensure service tenant] ********************************************************************************************
	Friday 30 November 2018 00:49:38 +0200 (0:00:04.935) 0:01:39.562 *******
	FAILED - RETRYING: Ensure service tenant (5 retries left).
	FAILED - RETRYING: Ensure service tenant (4 retries left).
	FAILED - RETRYING: Ensure service tenant (3 retries left).
	FAILED - RETRYING: Ensure service tenant (2 retries left).
	FAILED - RETRYING: Ensure service tenant (1 retries left).
	fatal: [os1_keystone_container-4044b189]: FAILED! => {"attempts": 5, "changed": false, "failed": true, "module_stderr": "mesg: ttyname failed: Inappropriate ioctl for device\nTraceback (most recent call last):\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 1469, in <module>\n main()\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 1463, in main\n km.command_router()\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 487, in command_router\n facts = action(variables=action_command['variables'])\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 677, in ensure_tenant\n return self.ensure_project(variables)\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 695, in ensure_project\n domain = self._get_domain_from_vars(variables_dict)\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 625, in _get_domain_from_vars\n return self._get_domain(name=domain_name)\n File \"/tmp/ansible_KDRGQr/ansible_module_keystone.py\", line 632, in _get_domain\n for entry in self.keystone.domains.list():\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/domains.py\", line 87, in list\n return super(DomainManager, self).list(*kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 75, in func\n return f(args, new_kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 397, in list\n self.collection_key)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py\", line 125, in _list\n resp, body = self.client.get(url, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 304, in get\n return self.request(url, 'GET', *kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 463, in request\n resp = super(LegacyJsonAdapter, self).request(args, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py\", line 189, in request\n return self.session.request(url, method, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py\", line 737, in request\n raise exceptions.from_response(resp, method, url)\nkeystoneauth1.exceptions.http.Forbidden: You are not authorized to perform the requested action: identity:list_domains. (HTTP 403) (Request-ID: req-cdbc5c6d-2bd6-49e0-89f5-f17852f6cca2)\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

	NO MORE HOSTS LEFT ********************************************************************************************************************

	PLAY RECAP ****************************************************************************************************************************
	os1_keystone_container-4044b189 : ok=61 changed=9 unreachable=0 failed=1