Maybe you should do the following:<br><br> chown -R keystone:keystone /etc/keystone<br><br>Then, restart the keystone service:<br><br> systemctl restart openstack-keystone<br><br><div><sign signid="1"><div style="color:#909090;font-family:Arial Narrow;font-size:12px"><br><br><br><br>------------------</div><div style="font-size:14px;font-family:Verdana;color:#000;"><div>
<div>Best Regards</div>
<div> </div>
<div>ZhangJialong</div></div></div></sign></div><div><qzone></qzone></div><div> </div><div><includetail><div> </div><div> </div><div style="font:Verdana normal 14px;color:#000;"><div style="FONT-SIZE: 12px;FONT-FAMILY: Arial Narrow;padding:2px 0 2px 0;">------------------ Original ------------------</div><div style="FONT-SIZE: 12px;background:#efefef;padding:8px;"><div id="menu_sender"><b>From: </b> "Adam Young"<ayoung@redhat.com>;</div><div><b>Date: </b> Tue, Nov 3, 2015 11:01 AM</div><div><b>To: </b> "openstack"<openstack@lists.openstack.org>; <wbr></div><div></div><div><b>Subject: </b> Re: [Openstack] Keystone Fernet Token</div></div><div> </div>
<div class="moz-cite-prefix">On 10/28/2015 02:23 PM, Reza
Bakhshayeshi wrote:<br>
</div>
<blockquote cite="mid:CAMGoRG28iF9AuX7EFFSFPbJy6EiSCzq=Heia=tpgLbxp2C9L4A@mail.gmail.com" type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(0,0,102)">Hi
all,<br>
<br>
I'm going to use fernet token on OpenStack Kilo (only Keystone
service is installed),<br>
I've configured keystone.conf like:<br>
<br>
[token]<br>
provider = keystone.token.providers.fernet.Provider<br>
<br>
when I'm running:<br>
keystone-manage fernet_setup --keystone-user keystone
--keystone-group keystone<br>
<br>
the keys are created successfully in the /etc/keystone/fernet-keys
directory.<br>
But when I try to create a token I receive the following
error; here is the complete log:<br>
<br>
2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-]
GET /?<br>
2015-10-28 23:50:25.343 9377 INFO
keystone.token.providers.fernet.utils [-] [fernet_tokens]
key_repository does not appear to exist; attempting to create
it<br>
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Created a new key:
/etc/keystone/fernet-keys/0<br>
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Starting key
rotation with 1 key files: ['/etc/keystone/fernet-keys/0']<br>
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Current primary key
is: 0<br>
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Next primary key
will be: 1<br>
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Promoted key 0 to be
the primary: 1<br>
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Created a new key:
/etc/keystone/fernet-keys/0<br>
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Excess keys to
purge: []<br>
2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-]
POST /tokens?<br>
2015-10-28 23:50:52.889 8059 ERROR
keystone.token.providers.fernet.utils [-] Either
[fernet_tokens] key_repository does not exist or Keystone does
not have sufficient permission to access it:
/etc/keystone/fernet-keys/<br>
2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-]
No encryption keys found; run keystone-manage fernet_setup to
bootstrap one.<br>
<br>
while the permissions seem to be correct:<br>
<br>
# ls -lah /etc/keystone/<br>
total 104K<br>
drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 .<br>
drwxr-xr-x. 143 root root 12K Oct 28 12:56 ..<br>
-rw-r-----. 1 root keystone 1.5K Jul 29 00:21
default_catalog.templates<br>
drwx------. 2 keystone keystone 4.0K Oct 28 23:50
fernet-keys<br>
-rw-r-----. 1 root keystone 57K Oct 28 23:48
keystone.conf<br>
-rw-r-----. 1 root keystone 1.1K Jul 29 00:21
logging.conf<br>
-rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21
policy.json<br>
-rw-r-----. 1 keystone keystone 665 Jul 29 00:21
sso_callback_template.html<br>
<br>
What am I missing?<br>
</div>
</div>
</blockquote>
<br>
No idea. When I get into these situations, I use rpdb:<br>
<br>
<a class="moz-txt-link-freetext" href="http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/">http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/</a><br>
<br>
<br>
Is there anything in /etc/keystone/fernet-keys ?<br>
<br>
<br>
<br>
<br>
</div><!--<![endif]--></includetail></div>
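Added example, not part of the thread and not Keystone code: one way to check which element of the path to `key_repository` a given uid/gid set cannot use, by reading the owner/group/other mode bits the way the `ls -lah` listing shows them. `first_blocker` and `build_sample_tree` are hypothetical helpers; the temporary tree is constructed, and the 0600 key-file mode is an assumption.

```python
import os
import tempfile

def _bits(st, uid, gids):
    """rwx triplet classic DAC applies to this identity (root bypasses it)."""
    if uid == 0:
        return 7
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(repo, uid, gids, start="/"):
    """Return (path, missing_bits) for the first element uid cannot use, else None."""
    repo, cur = os.path.abspath(repo), os.path.abspath(start)
    for part in os.path.relpath(repo, cur).split(os.sep):
        cur = os.path.join(cur, part)
        # Parent directories need search (x=1); the repository needs r-x (5) to list keys.
        need = 5 if cur == repo else 1
        have = _bits(os.stat(cur), uid, gids)
        if have & need != need:
            return (cur, need & ~have)
    for name in sorted(os.listdir(repo)):
        key = os.path.join(repo, name)
        if not _bits(os.stat(key), uid, gids) & 4:  # key files need read (4)
            return (key, 4)
    return None

def build_sample_tree():
    """Constructed tree: directory modes 750 and 700 as in the listing, keys 0600."""
    root = os.path.realpath(tempfile.mkdtemp())
    conf = os.path.join(root, "keystone")
    repo = os.path.join(conf, "fernet-keys")
    os.makedirs(repo)
    for name in ("0", "1"):
        with open(os.path.join(repo, name), "w") as fh:
            fh.write("constructed-placeholder-not-a-real-key\n")
        os.chmod(os.path.join(repo, name), 0o600)
    os.chmod(repo, 0o700)
    os.chmod(conf, 0o750)
    return root, repo

if __name__ == "__main__":
    root, repo = build_sample_tree()
    owner = os.stat(repo)
    print(first_blocker(repo, owner.st_uid, {owner.st_gid}, start=root))
    print(first_blocker(repo, owner.st_uid + 1, {owner.st_gid}, start=root))
```

On a real host, run it as root with the uid and group ids of the process that actually serves the token request. It evaluates mode bits only; the trailing `.` in the `ls` output marks an SELinux context, which this check does not cover.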