[Openstack] keystone: change from fernet tokens to uuid

Eugen Block eblock at nde.ag
Fri May 20 10:42:33 UTC 2016 

Hi,

I had a similar issue, in Liberty I used uuid tokens, then I upgraded  
to Mitaka and also switched to fernet tokens. Because of some kind of  
inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?

I compared my current conf file to the liberty conf and I can't see  
another difference except admin_token and token_provider.

I followed [1] to get keystone to work with uuid tokens in Liberty. If  
I understand correctly, you'll have to populate the keystone database  
"su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the  
required services.
In my case, I managed to switch back to uuid, but in the meantime I'm  
back to fernet tokens.

Hope this helps!

[1]  
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components

Regards,
Eugen

Zitat von magicboiz at hotmail.com:

> Hi
>
> I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL  
> works with fernet tokens. Because I have an old app which only works  
> with UUID, I have changed /etc/keyston/keyston.conf
>
> from:
>
> [token]
>         provider = keystone.token.providers.fernet.Provider
>
>
> to:
>
> [token]
>         provider = keystone.token.providers.uuid.Provider
>
>
> But now, I'm facing a strange behavior:
>
> as admin user, executing a simple "keystone user-list" doesn't work  
> and shows this error:
> /.................
> RESP BODY: {"error": {"message": "Non-default domain is not  
> supported (Disable debug mode to suppress these details.)", "code":  
> 401, "title": "Unauthorized"}}
> //.................//
>
> /Executing "openstack user list" also gets the same error:
> /Non-default domain is not supported (Disable debug mode to suppress  
> these details.) (HTTP 401) (Request-ID:  
> req-8285b64d-353a-4188-949f-679bbfaa1114)/
>
> Also from Horizon dashboard, I cannot retrieve the user list.....
>
>
> But the funny/strange thing is that executing the same command  
> through V3 indentity admin interface (/export  
> OS_IDENTITY_API_VERSION=3/) it works:
>
> /root at node-1:~# openstack user list
> +----------------------------------+-------------------+
> | ID                               | Name              |
> +----------------------------------+-------------------+
> | 06c80b0440034f49a674bd0ef56385e1 | heat_admin        |
> | 1b5ae288f1494efd91aa67cadd290939 | sahara            |
> | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn          |
> | 4722750675d6416082be67a7cf9b03c3 | murano            |
> | 6b020f2c8328430b9bc71400e8a8b661 | cinder            |
> | 958dd93f02614f38b4575c05833b0884 | heat              |
> | 97c015a3d9b2432090992027fdb16e44 | ceilometer        |
> | 9fb385d757324bc0a62b502f4c3ae67c | swift             |
> | cc1395223fd74ea2aa59242fccb279de | admin             |
> | dc325906c9b6446a801a9d4914472b51 | neutron           |
> | df265ea710294923991a5d10006dd9cb | nova              |
> | ebcf0d3439c143d098d95212fa587b6a | glance            |
> | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user   |
> +----------------------------------+-------------------+
> /
>
> Anyone could help me?
>
> thanks in advance.
> J



-- 
Eugen Block                             voice   : +49-40-559 51 75
NDE Netzdesign und -entwicklung AG      fax     : +49-40-559 51 77
Postfach 61 03 15
D-22423 Hamburg                         e-mail  : eblock at nde.ag

         Vorsitzende des Aufsichtsrates: Angelika Mozdzen
           Sitz und Registergericht: Hamburg, HRB 90934
                   Vorstand: Jens-U. Mozdzen
                    USt-IdNr. DE 814 013 983

More information about the Openstack mailing list