<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Thanks all for the suggestions, it
      helped to trace to the real problem: our own proxy server is
      misconfigured, nothing to do with openstack. <br>
      After fixing proxy server, it works. <br>
      <br>
      Thanks,<br>
      Xin<br>
      <br>
      On 8/17/2012 6:28 PM, Adam Young wrote:<br>
    </div>
    <blockquote cite="mid:502EC5A6.6010309@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">
        <pre class="screen">OK, SERVICE_TOKEN is the same as --token


You can follow the steps here:

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/">https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/</a>


Specifically:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390">https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390</a>
<code class="prompt"></code> <strong class="userinput"><code>export SERVICE_TOKEN=$(openssl rand -hex 10)</code></strong>
<code class="prompt"></code> <strong class="userinput"><code>export SERVICE_ENDPOINT=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://127.0.0.1:35357/v2.0">http://127.0.0.1:35357/v2.0</a></code></strong>
<code class="prompt"></code> <strong class="userinput"><code>echo $SERVICE_TOKEN > /tmp/ks_admin_token</code></strong>
<code class="prompt"></code> <strong class="userinput"><code>sudo openstack-config --set /etc/keystone/keystone.conf \</code></strong>
  <strong class="userinput"><code>DEFAULT admin_token $SERVICE_TOKEN</code></strong></pre>
        <br>
        <br>
        and that should be the admin_token value that you have.<br>
        <br>
        If nothing is in the log, it probably means you have not
        actually hit the right server.<br>
        <br>
        <br>
        <br>
        On 08/17/2012 05:47 PM, Dolph Mathews wrote:<br>
      </div>
      <blockquote
cite="mid:CACgyLQbyJe1CK2gi6+j3dme3Ls3hpSGJCFsL6s8OfwgWr7RDbg@mail.gmail.com"
        type="cite">The admin_token value from keystone.conf is not a
        real token; it exists as a string in memory and has no context,
        user or actual roles associated with it (hence it does not
        appear in your token table).
        <div><br>
        </div>
        <div>As for your actual issue, I don't see anything obviously
          wrong with what's below. Is logging enabled & working,
          otherwise? Have you tried "verbose = True" and "debug = True"?
          Have you tried running that command from the compute node
          itself, rather than over the internet IP? What happens when
          you curl / GET / whatever <a moz-do-not-send="true"
            class="moz-txt-link-freetext" href="http://">http://</a><internet_ip
          of the controller node>:35357/v2.0 and/or <a
            moz-do-not-send="true" href="http://127.0.0.1:35357/v2.0">http://127.0.0.1:35357/v2.0</a>
          ?</div>
        <div><br>
        </div>
        <div>-Dolph<br>
          <br>
          <div class="gmail_quote">On Fri, Aug 17, 2012 at 3:26 PM, Xin
            Zhao <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:xzhao@bnl.gov" target="_blank">xzhao@bnl.gov</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello,<br>
              <br>
              I newly install keystone on the RHEL6 machine, but it is
              not working. The following command fails:<br>
              <br>
              $ keystone --token <admin_token string from
              keystone.conf> --endpoint <a moz-do-not-send="true"
                class="moz-txt-link-freetext" href="http://">http://</a><internet_ip
              of the controller node>:35357/v2.0 tenant-create --name
              openstackDemo --description "Default Tenant" --enabled
              true<br>
              <br>
              Unable to communicate with identity service: (403,
              'Forbidden'). (HTTP 400)<br>
              <br>
              There is no relevant log in the keystone.log file.<br>
              <br>
              Here is the instruction I follow:<br>
              <a moz-do-not-send="true"
href="http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html"
                target="_blank">http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html</a><br>
              <br>
              This is done on the controller node itself. I can telnet
              to <internet_ip of the controller node>:35357. I can
              also<br>
              log into mysql DB as keystone user, although there is no
              <admin_token> entry in any of the keystone tables.<br>
              <br>
              Any idea what is going wrong here?<br>
              <br>
              Thanks,<br>
              Xin<br>
              <br>
              <br>
              _______________________________________________<br>
              Mailing list: <a moz-do-not-send="true"
                href="https://launchpad.net/%7Eopenstack"
                target="_blank">https://launchpad.net/~openstack</a><br>
              Post to     : <a moz-do-not-send="true"
                href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
              Unsubscribe : <a moz-do-not-send="true"
                href="https://launchpad.net/%7Eopenstack"
                target="_blank">https://launchpad.net/~openstack</a><br>
              More help   : <a moz-do-not-send="true"
                href="https://help.launchpad.net/ListHelp"
                target="_blank">https://help.launchpad.net/ListHelp</a><br>
              <br>
            </blockquote>
          </div>
          <br>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to     : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help   : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to     : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help   : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>