<div dir="ltr">Here is the documentation page I followed: <a href="https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html">https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N <span dir="ltr"><<a href="mailto:nspmangalore@gmail.com" target="_blank">nspmangalore@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Eugen,<br><br></div>Ignore the different IPs. I had tried keystone install on two different systems. The old admin-rc script was from the other node. <br><br></div>As per the port numbers, I followed what was in the documentation: <br>Bootstrap the Identity service:<span class="m_-2644214995920630523gmail-gp"><br>#</span> keystone-manage bootstrap --bootstrap-password ADMIN_PASS <span class="m_-2644214995920630523gmail-se">\</span><br>--bootstrap-admin-url <a href="http://controller:5000/v3/" target="_blank">http://controller:5000/v3/</a> <span class="m_-2644214995920630523gmail-se">\</span>
<span class="m_-2644214995920630523gmail-se"></span><br> --bootstrap-internal-url <a href="http://controller:5000/v3/" target="_blank">http://controller:5000/v3/</a> <span class="m_-2644214995920630523gmail-se">\</span><br> --bootstrap-public-url <a href="http://controller:5000/v3/" target="_blank">http://controller:5000/v3/</a> <span class="m_-2644214995920630523gmail-se">\</span>
<span class="m_-2644214995920630523gmail-se"></span><br> --bootstrap-region-id RegionOne<br><br></div>Regards,<br></div>Shyam<br></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <span dir="ltr"><<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I found some differences between your bootstrap command and your admin-rc credentials:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
export OS_AUTH_URL=<a href="http://20.20.20.7:35357/v3" rel="noreferrer" target="_blank">http://20.20.20.7:<wbr>35357/v3</a><br>
--bootstrap-admin-url <a href="http://20.20.20.8:5000/v3/" rel="noreferrer" target="_blank">http://20.20.20.8:5000/v3/</a><br>
</blockquote>
<br>
You use two different IPs for your controller node, this can't work. Another thing is, you usually have to create one admin endpoint (port 35357) and a public endpoint (port 5000), you use the public port for both endpoints. This could work, of course, although not recommended. But then you have to change your admin-rc credentials respectively. They should reflect the configuration you bootstrapped with keystone-manage.<br>
<br>
Change your admin-rc to point to the correct IP and the correct port, then retry the domain list command after sourcing the credentials.<div class="m_-2644214995920630523HOEnZb"><div class="m_-2644214995920630523h5"><br>
<br>
<br>
Zitat von Shyam Prasad N <<a href="mailto:nspmangalore@gmail.com" target="_blank">nspmangalore@gmail.com</a>>:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Sorry for the late reply. Was out for a while.<br>
<br>
# openstack domain list<br>
The request you have made requires authentication. (HTTP 401) (Request-ID:<br>
req-fd20ec4d-9000-4cfa-9a5c-ba<wbr>547a11c4c4)<br>
<br>
# tail /var/log/keystone/keystone-man<wbr>age.log<br>
#<br>
<br>
# keystone-manage bootstrap --bootstrap-password PASSWORD<br>
--bootstrap-admin-url <a href="http://20.20.20.8:5000/v3/" rel="noreferrer" target="_blank">http://20.20.20.8:5000/v3/</a> --bootstrap-internal-url<br>
<a href="http://20.20.20.8:5000/v3/" rel="noreferrer" target="_blank">http://20.20.20.8:5000/v3/</a> --bootstrap-public-url <a href="http://20.20.20.8:5000/v3/" rel="noreferrer" target="_blank">http://20.20.20.8:5000/v3/</a><br>
--bootstrap-region-id RegionOne<br>
2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-]<br>
Deprecated: Use of the identity driver config to automatically configure<br>
the same assignment driver has been deprecated, in the "O" release, the<br>
assignment driver will need to be expicitly configured if different than<br>
the default (SQL).<br>
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default<br>
already exists, skipping creation.<br>
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Project admin already<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] User admin already<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Role admin exists,<br>
skipping creation.<br>
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] User admin already has<br>
admin on admin.<br>
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Region RegionOne<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping admin<br>
endpoint as already created<br>
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping internal<br>
endpoint as already created<br>
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping public<br>
endpoint as already created<br>
# tail /var/log/keystone/keystone-man<wbr>age.log2018-04-15 22:29:39.456 18518<br>
WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver<br>
config to automatically configure the same assignment driver has been<br>
deprecated, in the "O" release, the assignment driver will need to be<br>
expicitly configured if different than the default (SQL).<br>
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default<br>
already exists, skipping creation.<br>
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Project admin already<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] User admin already<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Role admin exists,<br>
skipping creation.<br>
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] User admin already has<br>
admin on admin.<br>
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Region RegionOne<br>
exists, skipping creation.<br>
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping admin<br>
endpoint as already created<br>
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping internal<br>
endpoint as already created<br>
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli<br>
[req-ed92018e-9fa0-4222-b9ca-6<wbr>d81d80cbf7f - - - - -] Skipping public<br>
endpoint as already created<br>
#<br>
<br>
<br>
On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
the bug I reported is invalid because the keystone-bootstrap command is<br>
supposed to create the default domain. Since we created our cloud in<br>
Liberty release the default domain already existed in our environment.<br>
Well, I guess we're back to square one. ;-)<br>
<br>
Can you paste the output of<br>
<br>
control:~ # openstack domain list<br>
<br>
If the keystone bootstrap command worked, it should at least show the<br>
default domain. If it doesn't take a look into<br>
/var/log/keystone/keystone-man<wbr>age.log and check for errors. If this<br>
doesn't reveal anything try running it again and check the logs again.<br>
<br>
<br>
Zitat von Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>>:<br>
<br>
<br>
The missing command has been in Newton, Ocata and Pike release. They fixed<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
it in Queens again.<br>
<br>
I filed a bug report: <a href="https://bugs.launchpad.net/keystone/+bug/1763297" rel="noreferrer" target="_blank">https://bugs.launchpad.net/key<wbr>stone/+bug/1763297</a><br>
<br>
Regards<br>
<br>
<br>
Zitat von Shyam Prasad N <<a href="mailto:nspmangalore@gmail.com" target="_blank">nspmangalore@gmail.com</a>>:<br>
<br>
Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
the bug reporting documentation)<br>
Please add me to the bug's CC list. That way if some info is needed from<br>
me, I can provide it.<br>
<br>
Regards,<br>
Shyam<br>
<br>
On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>> wrote:<br>
<br>
I believe there's something missing in Ocata and Pike docs. If you read<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Mitaka install guide [1] you'll find the first step to be creating the<br>
default domain before all other steps regarding projects and users.<br>
<br>
You should run<br>
<br>
openstack domain create --description "Default Domain" default<br>
<br>
and then the next steps should work, at least I hope so.<br>
<br>
Do you want to report this as a bug? I can also report it, I have<br>
already<br>
filed several reports.<br>
<br>
Regards<br>
<br>
<br>
[1] <a href="https://docs.openstack.org/mitaka/install-guide-obs/keystone" rel="noreferrer" target="_blank">https://docs.openstack.org/mit<wbr>aka/install-guide-obs/keystone</a><br>
-users.html<br>
<br>
<br>
<br>
Zitat von Shyam Prasad N <<a href="mailto:nspmangalore@gmail.com" target="_blank">nspmangalore@gmail.com</a>>:<br>
<br>
Hi,<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Please read my replies inline below...<br>
<br>
On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>> wrote:<br>
<br>
Hi,<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
can you paste the credentials you're using?<br>
<br>
# cat admin-rc<br>
<br>
</blockquote>
export OS_USERNAME=admin<br>
export OS_PASSWORD=abcdef<br>
export OS_PROJECT_NAME=admin<br>
export OS_USER_DOMAIN_NAME=Default<br>
export OS_PROJECT_DOMAIN_NAME=Default<br>
export OS_AUTH_URL=<a href="http://20.20.20.7:35357/v3" rel="noreferrer" target="_blank">http://20.20.20.7:<wbr>35357/v3</a><br>
export OS_IDENTITY_API_VERSION=3<br>
<br>
The config values (e.g. domain) are case sensitive, the ID of the<br>
default<br>
<br>
domain is usually "domain", its name is "Default". But if you're<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
sourcing<br>
the credentials with ID "Default" this would go wrong, although I'm<br>
not<br>
sure if this would be the expected error message.<br>
<br>
Just a couple of weeks ago there was someone on <a href="http://ask.openstack.org" rel="noreferrer" target="_blank">ask.openstack.org</a> who<br>
ignored case-sensitive options and failed to operate his cloud.<br>
<br>
Did the keystone-manage bootstrap command work?<br>
<br>
Yes. It did not throw any errors.<br>
<br>
</blockquote>
<br>
<br>
Regards<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Zitat von Shyam Prasad N <<a href="mailto:nspmangalore@gmail.com" target="_blank">nspmangalore@gmail.com</a>>:<br>
<br>
<br>
Hi,<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm trying to install keystone for my swift cluster.<br>
I followed this document for install and configuration:<br>
<a href="https://docs.openstack.org/keystone/pike/install/" rel="noreferrer" target="_blank">https://docs.openstack.org/key<wbr>stone/pike/install/</a><br>
<br>
However, I'm getting this error for a command:<br>
# openstack user create --domain default --password-prompt swift<br>
The request you have made requires authentication. (HTTP 401)<br>
(Request-ID:<br>
req-8f888754-1cf5-4c24-81b6-74<wbr>81c9c0dfb8)<br>
<br>
# tail /var/log/keystone/keystone.log<br>
2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi<br>
[req-147f239e-2205-40b5-8aea-4<wbr>0604c99b695 - - - - -] GET<br>
<a href="http://20.20.20.7:35357/v3/" rel="noreferrer" target="_blank">http://20.20.20.7:35357/v3/</a><br>
2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server<br>
[req-147f239e-2205-40b5-8aea-4<wbr>0604c99b695 - - - - -] 20.20.20.7 - -<br>
[11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545<br>
2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi<br>
[req-8f888754-1cf5-4c24-81b6-7<wbr>481c9c0dfb8 - - - - -] POST<br>
<a href="http://20.20.20.7:35357/v3/auth/tokens" rel="noreferrer" target="_blank">http://20.20.20.7:35357/v3/aut<wbr>h/tokens</a><br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
[req-8f888754-1cf5-4c24-81b6-7<wbr>481c9c0dfb8 - - - - -] Could not find<br>
domain:<br>
Default<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
Traceback<br>
(most recent call last):<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/keystone/auth/controllers.<wbr>py",<br>
line<br>
185,<br>
in _lookup_domain<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
domain_name)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/keystone/common/manager.py<wbr>", line<br>
124,<br>
in<br>
wrapped<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
__ret_val<br>
= __f(*args, **kwargs)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/cache/region.py", line<br>
1053,<br>
in<br>
decorate<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
should_cache_fn)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/cache/region.py", line<br>
657,<br>
in<br>
get_or_create<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
async_creator) as value:<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/core/dogpile.py", line<br>
158,<br>
in<br>
__enter__<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
return<br>
self._enter()<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/core/dogpile.py", line<br>
98, in<br>
_enter<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
generated<br>
= self._enter_create(createdtime<wbr>)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/core/dogpile.py", line<br>
149,<br>
in<br>
_enter_create<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
created<br>
=<br>
self.creator()<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/cache/region.py", line<br>
625,<br>
in<br>
gen_value<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
created_value = creator()<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/dogpile/cache/region.py", line<br>
1049,<br>
in<br>
creator<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
return<br>
fn(*arg, **kw)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File<br>
"/usr/lib/python2.7/dist-packa<wbr>ges/keystone/resource/core.py"<wbr>, line<br>
720,<br>
in<br>
get_domain_by_name<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
raise<br>
exception.DomainNotFound(domai<wbr>n_id=domain_name)<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
DomainNotFound: Could not find domain: Default<br>
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers<br>
2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi<br>
[req-8f888754-1cf5-4c24-81b6-7<wbr>481c9c0dfb8 - - - - -] Authorization<br>
failed.<br>
The request you have made requires authentication. from 20.20.20.7<br>
2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server<br>
[req-8f888754-1cf5-4c24-81b6-7<wbr>481c9c0dfb8 - - - - -] 20.20.20.7 - -<br>
[11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425<br>
0.113822<br>
<br>
Can someone please tell me what's going on?<br>
Thanks in advance for your replies.<br>
<br>
</blockquote></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote>
<br>
<br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br><div class="m_-2644214995920630523gmail_signature" data-smartmail="gmail_signature">-Shyam</div>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">-Shyam</div>
</div>