<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks all for the suggestions, it
helped to trace to the real problem: our own proxy server is
misconfigured, nothing to do with openstack. <br>
After fixing proxy server, it works. <br>
<br>
Thanks,<br>
Xin<br>
<br>
On 8/17/2012 6:28 PM, Adam Young wrote:<br>
</div>
<blockquote cite="mid:502EC5A6.6010309@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">
<pre class="screen">OK, SERVICE_TOKEN is the same as --token
You can follow the steps here:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/">https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/</a>
Specifically:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390">https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390</a>
<code class="prompt"></code> <strong class="userinput"><code>export SERVICE_TOKEN=$(openssl rand -hex 10)</code></strong>
<code class="prompt"></code> <strong class="userinput"><code>export SERVICE_ENDPOINT=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://127.0.0.1:35357/v2.0">http://127.0.0.1:35357/v2.0</a></code></strong>
<code class="prompt"></code> <strong class="userinput"><code>echo $SERVICE_TOKEN > /tmp/ks_admin_token</code></strong>
<code class="prompt"></code> <strong class="userinput"><code>sudo openstack-config --set /etc/keystone/keystone.conf \</code></strong>
<strong class="userinput"><code>DEFAULT admin_token $SERVICE_TOKEN</code></strong></pre>
<br>
<br>
and that should be the admin_token value that you have.<br>
<br>
If nothing is in the log, it probably means you have not
actually hit the right server.<br>
<br>
<br>
<br>
On 08/17/2012 05:47 PM, Dolph Mathews wrote:<br>
</div>
<blockquote
cite="mid:CACgyLQbyJe1CK2gi6+j3dme3Ls3hpSGJCFsL6s8OfwgWr7RDbg@mail.gmail.com"
type="cite">The admin_token value from keystone.conf is not a
real token; it exists as a string in memory and has no context,
user or actual roles associated with it (hence it does not
appear in your token table).
<div><br>
</div>
<div>As for your actual issue, I don't see anything obviously
wrong with what's below. Is logging enabled & working,
otherwise? Have you tried "verbose = True" and "debug = True"?
Have you tried running that command from the compute node
itself, rather than over the internet IP? What happens when
you curl / GET / whatever <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://">http://</a><internet_ip
of the controller node>:35357/v2.0 and/or <a
moz-do-not-send="true" href="http://127.0.0.1:35357/v2.0">http://127.0.0.1:35357/v2.0</a>
?</div>
<div><br>
</div>
<div>-Dolph<br>
<br>
<div class="gmail_quote">On Fri, Aug 17, 2012 at 3:26 PM, Xin
Zhao <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:xzhao@bnl.gov" target="_blank">xzhao@bnl.gov</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello,<br>
<br>
I newly install keystone on the RHEL6 machine, but it is
not working. The following command fails:<br>
<br>
$ keystone --token <admin_token string from
keystone.conf> --endpoint <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://">http://</a><internet_ip
of the controller node>:35357/v2.0 tenant-create --name
openstackDemo --description "Default Tenant" --enabled
true<br>
<br>
Unable to communicate with identity service: (403,
'Forbidden'). (HTTP 400)<br>
<br>
There is no relevant log in the keystone.log file.<br>
<br>
Here is the instruction I follow:<br>
<a moz-do-not-send="true"
href="http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html"
target="_blank">http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html</a><br>
<br>
This is done on the controller node itself. I can telnet
to <internet_ip of the controller node>:35357. I can
also<br>
log into mysql DB as keystone user, although there is no
<admin_token> entry in any of the keystone tables.<br>
<br>
Any idea what is going wrong here?<br>
<br>
Thanks,<br>
Xin<br>
<br>
<br>
_______________________________________________<br>
Mailing list: <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack"
target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack"
target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a moz-do-not-send="true"
href="https://help.launchpad.net/ListHelp"
target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
</body>
</html>