kops: Error building OpenStack authenticated client: Authentication failed

1. What kops version are you running? The command kops version, will display this information. 1.16.0-alpha.1 (git-ea779042c). I was also able to reproduce with 1.14.1 (git-b7c25f9a9)

2. What Kubernetes version are you running? kubectl version will print the version if a cluster is running or provide the Kubernetes version specified as a kops flag. n/a (creating a new cluster, no version specified)

3. What cloud provider are you using? OpenStack (Pike)

4. What commands did you run? What is the simplest way to reproduce this issue?

source openstack.rc
export OS_USER_DOMAIN_NAME="Default"
export KOPS_STATE_STORE=swift://sid-moc-kops
kops create cluster \
  --cloud openstack \
  --name sid-moc.n-x.win \
  --state ${KOPS_STATE_STORE} \
  --zones nova \
  --network-cidr 10.0.0.0/24 \
  --image "Ubuntu 18 LTS" \
  --master-count=1 \
  --node-count=2 \
  --node-size m1.small \
  --master-size m1.large \
  --etcd-storage-type default \
  --api-loadbalancer-type public \
  --topology private \
  --bastion \
  --ssh-public-key ~/.ssh/id_rsa.pub \
  --networking weave \
  --os-dns-servers=8.8.8.8,8.8.4.4 \
  --os-ext-net "external"

5. What happened after the commands executed?

I1112 17:21:42.340212    8363 create_cluster.go:1568] Using SSH public key: /home/ubuntu/.ssh/id_rsa.pub

error building path for "swift://sid-moc-kops": error building openstack authenticated client: Authentication failed

6. What did you expect to happen? Successful creation of a cluster as explained in the OpenStack Getting Started guide.

7. Please provide your cluster manifest. Execute kops get --name my.example.com -o yaml to display your cluster manifest. You may want to remove your cluster name and other sensitive information. n/a (no cluster created)

8. Please run the commands with most verbose logging by adding the -v 10 flag. Paste the logs into this report, or in a gist and provide the gist link here.

I1112 17:21:46.646436    8480 create_cluster.go:1568] Using SSH public key: /home/ubuntu/.ssh/id_rsa.pub
I1112 17:21:46.648231    8480 factory.go:68] state store swift://sid-moc-kops
I1112 17:21:46.649790    8480 swiftfs.go:66] authenticating to keystone

error building path for "swift://sid-moc-kops": error building openstack authenticated client: Authentication failed

9. Anything else do we need to know? After running source openstack.rc and export OS_USER_DOMAIN_NAME="Default", I’m able to use the openstack CLI client without issue, so my environment should be set correctly. I’ve tried using both Identity API v2 and v3 openstack.rc files. One potential source of issues I’ve identified is that my OpenStack cluster’s Swift application is hosted on a different subdomain than the rest of the cluster (e.g. API for Image, Volume, Identity, etc. is on openstack.example.com, but Swift is on os-swift.example.com).

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 17 (7 by maintainers)

Most upvoted comments

I was looking at https://github.com/kubernetes/kops/blob/master/vendor/github.com/gophercloud/gophercloud/auth_options.go#L310. If I set the env variable OS_DOMAIN_NAME to the value from OS_USER_DOMAIN_NAME, (in my case, the value is default), it goes further along.

+2
vishalya on Jan 3, 2020

our openstack admins are going to install swift in this week I hope, so lets see can I reproduce this problem

+1
zetaab on Nov 20, 2019
Read more comments on GitHub
← kops: Error attaching EBS volume to instance IncorrectState Status code 400
kops: error during connection attempt in dns-controller →