The admin_token value from keystone.conf is not a real token; it exists as a string in memory and has no context, user or actual roles associated with it (hence it does not appear in your token table).<div><br></div><div>As for your actual issue, I don't see anything obviously wrong with what's below. Is logging enabled & working, otherwise? Have you tried "verbose = True" and "debug = True"? Have you tried running that command from the compute node itself, rather than over the internet IP? What happens when you curl / GET / whatever http://<internet_ip of the controller node>:35357/v2.0 and/or <a href="http://127.0.0.1:35357/v2.0">http://127.0.0.1:35357/v2.0</a> ?</div>
<div><br></div><div>-Dolph<br><br><div class="gmail_quote">On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <span dir="ltr"><<a href="mailto:xzhao@bnl.gov" target="_blank">xzhao@bnl.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I newly install keystone on the RHEL6 machine, but it is not working. The following command fails:<br>
<br>
$ keystone --token <admin_token string from keystone.conf> --endpoint http://<internet_ip of the controller node>:35357/v2.0 tenant-create --name openstackDemo --description "Default Tenant" --enabled true<br>
<br>
Unable to communicate with identity service: (403, 'Forbidden'). (HTTP 400)<br>
<br>
There is no relevant log in the keystone.log file.<br>
<br>
Here is the instruction I follow:<br>
<a href="http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html" target="_blank">http://docs.openstack.org/<u></u>essex/openstack-compute/<u></u>install/yum/content/setting-<u></u>up-tenants-users-and-roles.<u></u>html</a><br>
<br>
This is done on the controller node itself. I can telnet to <internet_ip of the controller node>:35357. I can also<br>
log into mysql DB as keystone user, although there is no <admin_token> entry in any of the keystone tables.<br>
<br>
Any idea what is going wrong here?<br>
<br>
Thanks,<br>
Xin<br>
<br>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>