[Openstack] keystone initialization problem
Xin Zhao
xzhao at bnl.gov
Mon Aug 20 12:58:04 UTC 2012
Thanks all for the suggestions, it helped to trace to the real problem:
our own proxy server is misconfigured, nothing to do with openstack.
After fixing proxy server, it works.
Thanks,
Xin
On 8/17/2012 6:28 PM, Adam Young wrote:
> OK, SERVICE_TOKEN is the same as --token
>
>
> You can follow the steps here:
>
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/
>
>
> Specifically:
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
> || *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
> || *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
> || *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
> || *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
> *|DEFAULT admin_token $SERVICE_TOKEN|*
>
>
> and that should be the admin_token value that you have.
>
> If nothing is in the log, it probably means you have not actually hit
> the right server.
>
>
>
> On 08/17/2012 05:47 PM, Dolph Mathews wrote:
>> The admin_token value from keystone.conf is not a real token; it
>> exists as a string in memory and has no context, user or actual roles
>> associated with it (hence it does not appear in your token table).
>>
>> As for your actual issue, I don't see anything obviously wrong with
>> what's below. Is logging enabled & working, otherwise? Have you tried
>> "verbose = True" and "debug = True"? Have you tried running that
>> command from the compute node itself, rather than over the internet
>> IP? What happens when you curl / GET / whatever http://<internet_ip
>> of the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?
>>
>> -Dolph
>>
>> On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <xzhao at bnl.gov
>> <mailto:xzhao at bnl.gov>> wrote:
>>
>> Hello,
>>
>> I newly install keystone on the RHEL6 machine, but it is not
>> working. The following command fails:
>>
>> $ keystone --token <admin_token string from keystone.conf>
>> --endpoint http://<internet_ip of the controller node>:35357/v2.0
>> tenant-create --name openstackDemo --description "Default Tenant"
>> --enabled true
>>
>> Unable to communicate with identity service: (403, 'Forbidden').
>> (HTTP 400)
>>
>> There is no relevant log in the keystone.log file.
>>
>> Here is the instruction I follow:
>> http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html
>>
>> This is done on the controller node itself. I can telnet to
>> <internet_ip of the controller node>:35357. I can also
>> log into mysql DB as keystone user, although there is no
>> <admin_token> entry in any of the keystone tables.
>>
>> Any idea what is going wrong here?
>>
>> Thanks,
>> Xin
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> Post to : openstack at lists.launchpad.net
>> <mailto:openstack at lists.launchpad.net>
>> Unsubscribe : https://launchpad.net/~openstack
>> <https://launchpad.net/%7Eopenstack>
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list:https://launchpad.net/~openstack
>> Post to :openstack at lists.launchpad.net
>> Unsubscribe :https://launchpad.net/~openstack
>> More help :https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120820/0ffeed65/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3212 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120820/0ffeed65/attachment.bin>
More information about the Openstack
mailing list