New Question
0

Heat template pem certificate not found in metaservice user_data

asked 2017-10-26 09:54:25 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

Hello

I have a heat hot script with template version 2013-05-23. I am trying to deploy a Windows Server 2016 (With desktop Experience) image to Openstack (Kilo) using heat scripting. In my heat script I have defined our self-signed certificate that is to be installed in the windows machine. However, I cannot find the certificate from the url 169.254.169.254/openstack/latest/user_data. There seems to be some old image data in there. I cannot get any errors from creating the stack. Where can I get some more information what is happening and why the metadata service is not updated with my userdata?

here is a snippet from my heat hot template:

frontendinstance:
  type: OS::Nova::Server
  depends
on: [ extport, lanport ]
  properties:
   userdataformat: RAW
   user_data: |
   -----BEGIN CERTIFICATE-----
   cert data....
   -----END CERTIFICATE-----

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
0

answered 2017-10-30 18:16:02 +0200

avladu gravatar image

Hello,

Can you give more details on the cloudbase-init version used and, if possible, can you post the cloudbase-init logs on a pastebin?

Thank you,
Adrian Vladu

edit flag offensive delete link more

Comments

0.9.11 is the cloudbase-init version. Here is a pastebin link showing the output. https://pastebin.com/9W0VvXep/

ChristianM gravatar imageChristianM ( 2017-10-31 09:48:26 +0200 )edit

The cloudbase-init run is very erratic as it cannot find the metadata correctly. Make sure the networking setup in your OpenStack is correctly configured or use a config drive (--config_drive true when nova boot). The cloudbase-init execution does not get to the userdata part.

avladu gravatar imageavladu ( 2017-11-01 13:57:13 +0200 )edit

I tried to use a config_drive and it seems to work a bit better, but I cannot really use that since i need to be able to get a password from the instance later on with the command "nova get-password $instance_id ~/.ssh/${key_pair_name}.pem" I can access 169.254.169.254 from the instance.

ChristianM gravatar imageChristianM ( 2017-11-07 09:30:35 +0200 )edit

The network connections seem fine to me, Is there some other way I can debug why the metadata is not set correctly?

ChristianM gravatar imageChristianM ( 2017-11-07 10:13:50 +0200 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2017-10-26 09:54:25 +0200

Seen: 629 times

Last updated: Oct 30 '17