[Openstack] Odd Keystone Behaviour

Daniel Ellison daniel at syrinx.net
Thu Feb 6 19:10:11 UTC 2014


On Feb 6, 2014, at 1:48 PM, Adam Young <ayoung at redhat.com> wrote:
> Those are for initializing the Keystone server.  Create a user with the admin roles,  then you disable the ADMIN_TOKEN in the conf file, and use a real user with a real token to do all other work. SERVICE_TOKEN is not a long term setting for a production environment.

Luckily this is an internal evaluation setup, not a production system. I've set up OpenStack several times before, but this time I wasn't responsible for the database initialization. There already was an admin user with the right credentials, but the incorrect auth endpoint was preventing it from working properly.

I /will/ remember to disable admin_token in keystone.conf on any production systems, however.

+Dan



More information about the Openstack mailing list