Adding an OpenStack Infrastructure Provider

providers
gaprindashvili

#1

I installed OpenStack Pike with TripleO on CentOS and added the undercloud to MIQ as infrastructure provider with a non-SSL endpoint.
A very simple overcloud installation made with one controller and one compute node from undercloud. These hosts were discovered by MIQ. I added the RSA key of heat-admin to the infra provider endpoint according to point 9.

However, the Default Authentication of the overcloud nodes remains None and SmartState Analysis cannot discover the configuration of hosts. Validating the Default Endpoint of the host configuration is successful (showing heat-admin as Username and a Password (?) field). If I manually define a new password for heat-admin on the overcloud nodes, allow password authentication and set this password for Host Default Endpoint, the authentication succeeds and configuration discovered. But this should not be necessary as I provided the SSH private key already on provider level.

Also, there is a confusing statement in the documentation point 9b:

b. If you selected SSL in Endpoints > Default > Security Protocol earlier, use the Browse button to find and set a private key.

Does that mean that I can use key authentication only if I connect to undercloud via HTTPS? This does not make sense to me.

@Ladas?


#2

The host based auth should be separated from the provider auth. It should be enough to provide the private key, to get into the host.

@aufi can you check it out? It looks like a bug.


#3

Correct Ladas. Keypair is used during SmartState Analysis and it is not related to (Non-)SSL protocol for keystone. I opened docs issue - https://github.com/ManageIQ/guides/issues/323


#4

OK, I had two issues: SSA does not happen with key and the documentation is confusing. How about the first one?


#5

SSA on Infra is performed via SSH. Please check logs (evm.log) for attempts or failures during SSH connection to Undercloud/Infra nodes.