Hey,

You mention that you're not using any external authentication like IPA. But you have novajoin enabled:
enable_novajoin = true

Set that to false and re-run the undercloud install. Novajoin is used for TLS-Everywhere and requires that you have a IPA server setup and some prerequisites before running the undercloud install:
https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-everywhere.html#tls-everywhere-with-novajoin

So if that isn't your intention, you will want to disable it.

Brendan Shephard

Software Engineer

Red Hat APAC

193 N Quay

Brisbane City QLD 4000



On Fri, Aug 6, 2021 at 12:38 AM wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,
I am trying to install the undercloud using the Train version on CentOS 8 Stream.
I am using container-tools 3.0

I have installed : 
yum install  -y python3-tripleoclient ceph-ansible

And I am not using any external authentication (no IPA)
I am getting this error message upon deployment

2021-08-05 15:03:01.753102 | 525400e8-92c8-feee-3618-0000000005f1 |      FATAL | Request kerberos keytab | udtrain | error={"changed": true, "cmd": "/usr/bin/kinit -kt /etc/krb5.keytab && ipa-getkeytab -s $(grep xmlrpc_uri /etc/ipa/default.conf  | cut -d/ -f3) -p nova/udtrain.example.com -k /etc/novajoin/krb5.keytab", "delta": "0:00:00.060011", "end": "2021-08-05 15:03:01.737378", "msg": "non-zero return code", "rc": 1, "start": "2021-08-05 15:03:01.677367", "stderr": "kinit: Cannot determine realm for host (principal host/udtrain.example.com@)", "stderr_lines": ["kinit: Cannot determine realm for host (principal host/udtrain.example.com@)"], "stdout": "", "stdout_lines": []}

This is my undercloud.conf file :
[DEFAULT]
clean_nodes = true
container_cli = podman
container_images_file = /home/stack/containers-prepare-parameter.yaml
custom_env_files = /home/stack/templates/custom-undercloud-params.yaml
deployment_user = stack
enable_novajoin = true
inspection_interface = br-ctlplane
ipxe_enabled = true
local_interface = enp2s0
local_ip = 10.200.4.1/24
local_subnet = ctlplane-subnet
overcloud_domain_name = example.com
subnets = ctlplane-subnet
undercloud_admin_host = 10.200.4.3
undercloud_hostname = udtrain.example.com
undercloud_nameservers = 172.16.0.252,9.9.9.9,8.8.8.8
undercloud_ntp_servers = 172.16.0.252,0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
undercloud_public_host = 10.200.4.2
[ctlplane-subnet]
cidr = 10.200.4.0/24
dhcp_end = 10.200.4.24
dhcp_start = 10.200.4.5
gateway = 10.200.4.1
inspection_iprange = 10.200.4.100,10.200.4.120
masquerade = true

any idea?

Regards.

Virus-free. www.avast.com
_______________________________________________
users mailing list
users@lists.rdoproject.org
http://lists.rdoproject.org/mailman/listinfo/users

To unsubscribe: users-unsubscribe@lists.rdoproject.org