[Openstack] keystone setup & build

Adnan Smajlovic a.smajlovic at gmail.com
Mon Mar 16 12:21:03 UTC 2015 

On 14 March 2015 at 00:16, John Williams <john.1209 at yahoo.com> wrote:

> I'm on the following URL of the build docs
>
>
> http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html
>
>
> I'm trying to put keystone together.  The build is failing on the
> following:
>
> root at os1:/etc# keystone tenant-create --name admin --description "Admin
> Tenant"
> WARNING: Bypassing authentication using a token & endpoint (authentication
> credentials are being ignored).
> Unable to establish connection to http://os1:35357/v2.0/tenants
> root at os1:/etc#
>
>
>
> Any idea what the problem may be?
>
> Thanks in advance.
>

Hi John,

The most obvious things I can think of:

 - Service not running

Easy enough to check:

# netstat -tunlp | grep 35357
tcp        0      0 0.0.0.0:35357           0.0.0.0:*
LISTEN      19821/python

 - 'os1' does not resolve to the server IP where keystone is expected to be
running

You appear to be running the keystone command from the 'os1' instance.  I
assume this is where the service is hosted and you should be able to
confirm an entry in /etc/hosts (or DNS and search domain combo, should you
be taking that particular approach) e.g.

# grep controller /etc/hosts
172.16.32.100     controller

# host controller
controller has address 172.16.32.100

 - Firewall blocking requests to port 35357

Should you be making use of iptables (or similar), it is possible that
requests to the IP address that 'os1' resolves to are being blocked.
Example of a firewall rule permitting keystone auth and admin API access on
my local deployment and a curl request confirming it is running:

# iptables -nvL --line | grep 35357
31     304 18240 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0            multiport ports 5000,35357  state NEW

 - keystone.conf changes that have not been applied (or a misconfiguration)

If you have applied changes to keystone.conf and not restarted the service
you are likely to get seemingly odd behaviour.

Failing all of that I would recommend increasing log verbosity for the
keystone service ('verbose=true' and 'debug=true, under the [DEFAULT]
section in keystone.conf) restarting the service, and hopefully get more
useful output in the keystone log.

Regards,

--
Adnan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150316/c56256ea/attachment.html>

More information about the Openstack mailing list