Open Stack

Thanks all for the suggestions, it helped to trace to the real problem: 
our own proxy server is misconfigured, nothing to do with openstack.
After fixing proxy server, it works.

Thanks,
Xin

On 8/17/2012 6:28 PM, Adam Young wrote:
> OK, SERVICE_TOKEN is the same as --token
>
>
> You can follow the steps here:
>
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/
>
>
> Specifically:
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
> ||  *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
> ||  *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
> ||  *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
> ||  *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
>    *|DEFAULT admin_token $SERVICE_TOKEN|*
>
>
> and that should be the admin_token value that you have.
>
> If nothing is in the log, it probably means you have not actually hit 
> the right server.
>
>
>
> On 08/17/2012 05:47 PM, Dolph Mathews wrote:
>> The admin_token value from keystone.conf is not a real token; it 
>> exists as a string in memory and has no context, user or actual roles 
>> associated with it (hence it does not appear in your token table).
>>
>> As for your actual issue, I don't see anything obviously wrong with 
>> what's below. Is logging enabled & working, otherwise? Have you tried 
>> "verbose = True" and "debug = True"? Have you tried running that 
>> command from the compute node itself, rather than over the internet 
>> IP? What happens when you curl / GET / whatever http://<internet_ip 
>> of the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?
>>
>> -Dolph
>>
>> On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <xzhao at bnl.gov 
>> <mailto:xzhao at bnl.gov>> wrote:
>>
>>     Hello,
>>
>>     I newly install keystone on the RHEL6 machine, but it is not
>>     working. The following command fails:
>>
>>     $ keystone --token <admin_token string from keystone.conf>
>>     --endpoint http://<internet_ip of the controller node>:35357/v2.0
>>     tenant-create --name openstackDemo --description "Default Tenant"
>>     --enabled true
>>
>>     Unable to communicate with identity service: (403, 'Forbidden').
>>     (HTTP 400)
>>
>>     There is no relevant log in the keystone.log file.
>>
>>     Here is the instruction I follow:
>>     http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html
>>
>>     This is done on the controller node itself. I can telnet to
>>     <internet_ip of the controller node>:35357. I can also
>>     log into mysql DB as keystone user, although there is no
>>     <admin_token> entry in any of the keystone tables.
>>
>>     Any idea what is going wrong here?
>>
>>     Thanks,
>>     Xin
>>
>>
>>     _______________________________________________
>>     Mailing list: https://launchpad.net/~openstack
>>     <https://launchpad.net/%7Eopenstack>
>>     Post to     : openstack at lists.launchpad.net
>>     <mailto:openstack at lists.launchpad.net>
>>     Unsubscribe : https://launchpad.net/~openstack
>>     <https://launchpad.net/%7Eopenstack>
>>     More help   : https://help.launchpad.net/ListHelp
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list:https://launchpad.net/~openstack
>> Post to     :openstack at lists.launchpad.net
>> Unsubscribe :https://launchpad.net/~openstack
>> More help   :https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120820/0ffeed65/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3212 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120820/0ffeed65/attachment.bin>