R3.0.3.x Juno/Kilo - Seeing n Openstack HA setup only root@nodej3:~# server-manager-client display cluster -d | grep vip "external_vip": "10.204.217.246", "internal_vip": "192.168.100.10" root@nodej3:~# server-manager-client display server --select id,cluster_id,ip_address,roles +---------+----------------+----------------+----------------------------------------------------------------------------+ | id | cluster_id | ip_address | roles | +---------+----------------+----------------+----------------------------------------------------------------------------+ | nodec28 | cluster5sanity | 10.204.217.13 | [u'compute'] | | nodeg37 | cluster5sanity | 10.204.217.77 | [u'compute'] | | nodec10 | cluster5sanity | 10.204.217.176 | [u'compute'] | | nodei17 | cluster5sanity | 10.204.217.129 | [u'config', u'control', u'collector', u'database', u'webui', u'openstack'] | | nodei19 | cluster5sanity | 10.204.217.131 | [u'config', u'control', u'collector', u'database', u'webui', u'openstack'] | | nodei20 | cluster5sanity | 10.204.217.132 | [u'config', u'control', u'collector', u'database', u'webui', u'openstack'] | +---------+----------------+----------------+----------------------------------------------------------------------------+ reimage is successful Provision also gets completed; But, 1) Keystone is pointing to one of the control node ip , and not the external vip root@nodei17:~# keystone endpoint-list | grep 5000 | 59f1b38c382f41c38839dc9ac776ade2 | RegionOne | http://10.204.217.131:5000/v2.0 | http://10.204.217.131:5000/v2.0 | http://10.204.217.131:35357/v2.0 | 5aabf599facc4532b8f444f0903a8da6 | | 8597d0eae7ff4787b12c9add818ea1e3 | RegionOne | http://10.204.217.131:5000/v2.0 | http://10.204.217.131:5000/v2.0 | http://10.204.217.131:35357/v2.0 | 5aabf599facc4532b8f444f0903a8da6 | VIP address in not available in keystone end-point list syslog during provision of openstack nodes (/Stage[openstack]/Openstack::Common::Nova/Notify[sriov = ]/message) defined 'message' as 'sriov = ' Feb 23 08:32:09 nodei19 puppet-agent[18038]: (/Stage[openstack]/Heat::Keystone::Auth/Keystone_role[heat_stack_user]) Could not evaluate: Execution of '/usr/bin/keystone --os-endpoint http://127.0.0.1:35358/v2.0/ role-list' returned 1: An unexpected error prevented the server from fulfilling your request: (OperationalError) (1130, "Host '192.168.100.15' is not allowed to connect to this MySQL server") None None (Disable debug mode to suppress these details.) (HTTP 500) Feb 23 08:32:10 nodei19 puppet-agent[18038]: (/Stage[openstack]/Heat::Keystone::Auth/Keystone_service[heat]) Could not evaluate: Execution of '/usr/bin/keystone --os-endpoint http://127.0.0.1:35358/v2.0/ service-list' returned 1: An unexpected error prevented the server from fulfilling your request: (OperationalError) (1130, "Host '192.168.100.15' is not allowed to connect to this MySQL server") None None (Disable debug mode to suppress these details.) (HTTP 500) 2) Seeing that heat stack creation failure happens with keystone v3 authentiocation failure Command executed to create heat stack : heat -v -d stack-create test -f /usr/lib/python2.7/dist-packages/contrail_heat/new_templates/virtual_network_with_subnet.yaml -e /usr/lib/python2.7/dist-packages/contrail_heat/new_envs/virtual_network_with_subnet.env Error Traceback (most recent call last):\n', u' File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply\n executor_callback))\n', u' File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch\n executor_callback)\n', u' File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch\n result = func(ctxt, **new_args)\n', u' File "/usr/lib/python2.7/dist-packages/osprofiler/profiler.py", line 105, in wrapper\n return f(*args, **kwargs)\n', u' File "/usr/lib/python2.7/dist-packages/heat/common/context.py", line 300, in wrapped\n return func(self, ctx, *args, **kwargs)\n', u' File "/usr/lib/python2.7/dist-packages/heat/engine/service.py", line 685, in create_stack\n stack.store()\n', u' File "/usr/lib/python2.7/dist-packages/osprofiler/profiler.py", line 105, in wrapper\n return f(*args, **kwargs)\n', u' File "/usr/lib/python2.7/dist-packages/heat/engine/stack.py", line 465, in store\n trust_ctx = keystone.create_trust_context()\n', u' File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 233, in create_trust_context\n trustee_user_id = self.admin_client.auth_ref.user_id\n', u' File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 122, in admin_client\n c.authenticate()\n', u' File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner\n return func(*args, **kwargs)\n', u' File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 503, in authenticate\n resp = self.get_raw_token_from_identity_service(**kwargs)\n', u' File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 281, in get_raw_token_from_identity_service\n _(\'Authorization failed: %s\') % e)\n', u"AuthorizationFailure: Authorization failed: String length exceeded.The length of string “ “ ' exceeded the limit of column id(CHAR(64)). (HTTP 400) (Request-ID: req-ec02a988-f0ce-4f33-a5b7-37a767cd2489) (HTTP 400)\n"]. root@nodei19:~#