Open Stack

Thanks all, specially Rahul,
I solved the problem temporarily by disabling selinux.

On 3 November 2015 at 07:43, 张家龙 <zhangjl at awcloud.com> wrote:

> Maybe, you should do like follows:
>
>     chown -R keystone:keystone /etc/keystone
>
> Then, restart the keystone service:
>
>     systemctl restart openstack-keystone
>
>
>
>
>
> ------------------
> Best Regards
>
> ZhangJialong
>
>
>
> ------------------ Original ------------------
> *From: * "Adam Young"<ayoung at redhat.com>;
> *Date: * Tue, Nov 3, 2015 11:01 AM
> *To: * "openstack"<openstack at lists.openstack.org>;
> *Subject: * Re: [Openstack] Keystone Fernet Token
>
> On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:
>
> Hi all,
>
> I'm going to use fernet token on OpenStack Kilo (only Keystone service is
> installed),
> I've configured keystone.conf like:
>
> [token]
> provider = keystone.token.providers.fernet.Provider
>
> when I'm running:
> keystone-manage fernet_setup --keystone-user keystone --keystone-group
> keystone
>
> keys creating successfully in /etc/keystone/fernet-keys directory.
> But when I'm going to creating a token I receive the following error, here
> is the complete log:
>
> 2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?
> 2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils
> [-] [fernet_tokens] key_repository does not appear to exist; attempting to
> create it
> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> [-] Created a new key: /etc/keystone/fernet-keys/0
> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
> 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils
> [-] Current primary key is: 0
> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> [-] Next primary key will be: 1
> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> [-] Promoted key 0 to be the primary: 1
> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> [-] Created a new key: /etc/keystone/fernet-keys/0
> 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils
> [-] Excess keys to purge: []
> 2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?
> 2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils
> [-] Either [fernet_tokens] key_repository does not exist or Keystone does
> not have sufficient permission to access it: /etc/keystone/fernet-keys/
> 2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No
> encryption keys found; run keystone-manage fernet_setup to bootstrap one.
>
> while the permissions seem to be correct:
>
> # ls -lah /etc/keystone/
> total 104K
> drwxr-x---.   3 root     keystone 4.0K Oct 28 23:50 .
> drwxr-xr-x. 143 root     root      12K Oct 28 12:56 ..
> -rw-r-----.   1 root     keystone 1.5K Jul 29 00:21
> default_catalog.templates
> drwx------.   2 keystone keystone 4.0K Oct 28 23:50 fernet-keys
> -rw-r-----.   1 root     keystone  57K Oct 28 23:48 keystone.conf
> -rw-r-----.   1 root     keystone 1.1K Jul 29 00:21 logging.conf
> -rw-r-----.   1 keystone keystone 8.6K Jul 29 00:21 policy.json
> -rw-r-----.   1 keystone keystone  665 Jul 29 00:21
> sso_callback_template.html
>
> What am I missing?
>
>
> No idea.  When I get into these situations, I use rpdb;
>
> http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/
>
>
> Is there anything in /etc/keystone/fernet-keys ?
>
>
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151107/e5fa7c31/attachment.html>