[Openstack] Keystone Fernet Token

张家龙 zhangjl at awcloud.com
Tue Nov 3 04:13:26 UTC 2015


Maybe you should do as follows:

    chown -R keystone:keystone /etc/keystone

Then, restart the keystone service:

    systemctl restart openstack-keystone





------------------
Best Regards

ZhangJialong

------------------ Original ------------------
From:  "Adam Young"<ayoung at redhat.com>;
Date:  Tue, Nov 3, 2015 11:01 AM
To:  "openstack"<openstack at lists.openstack.org>; 

Subject:  Re: [Openstack] Keystone Fernet Token

 
     On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:

           Hi all,

           I'm going to use fernet token on OpenStack Kilo (only Keystone service is installed),
           I've configured keystone.conf like:

           [token]
           provider = keystone.token.providers.fernet.Provider

           when I'm running:
           keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

           the keys are created successfully in the /etc/keystone/fernet-keys directory.
           But when I'm going to create a token I receive the following error, here is the complete log:

           2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?
           2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils [-] [fernet_tokens] key_repository does not appear to exist; attempting to create it
           2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
           2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
           2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 0
           2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 1
           2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 1
           2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
           2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-] Excess keys to purge: []
           2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?
           2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils [-] Either [fernet_tokens] key_repository does not exist or Keystone does not have sufficient permission to access it: /etc/keystone/fernet-keys/
           2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No encryption keys found; run keystone-manage fernet_setup to bootstrap one.

           while the permissions seem to be correct:

           # ls -lah /etc/keystone/
           total 104K
           drwxr-x---.   3 root     keystone 4.0K Oct 28 23:50 .
           drwxr-xr-x. 143 root     root      12K Oct 28 12:56 ..
           -rw-r-----.   1 root     keystone 1.5K Jul 29 00:21 default_catalog.templates
           drwx------.   2 keystone keystone 4.0K Oct 28 23:50 fernet-keys
           -rw-r-----.   1 root     keystone  57K Oct 28 23:48 keystone.conf
           -rw-r-----.   1 root     keystone 1.1K Jul 29 00:21 logging.conf
           -rw-r-----.   1 keystone keystone 8.6K Jul 29 00:21 policy.json
           -rw-r-----.   1 keystone keystone  665 Jul 29 00:21 sso_callback_template.html

           What am I missing?
         
       
          
     No idea.  When I get into these situations, I use rpdb;
     
     http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/
     
     
     Is there anything in /etc/keystone/fernet-keys ?
     
     
     
            
              
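An added example, not part of the original thread and not Keystone's own code: a Python check of the owner/group/other mode bits along the path to the Fernet key repository, as seen by a given uid and group set, which also flags key files that have any group or other bits set. The function names and the numeric ids are assumptions; it does not evaluate SELinux contexts or ACLs, and it should run as root so that it can stat every path.

```python
import os

def mode_allows(mode, owner, group, uid, gids, want):
    """True if the owner/group/other bits of `mode` grant every letter of `want`."""
    if uid == 0:  # root is not limited by read/search bits
        return True
    # POSIX picks exactly one class: owner first, then group, then other.
    shift = 6 if uid == owner else 3 if group in gids else 0
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((mode >> shift) & needed) == needed

def audit_key_repository(repo, uid, gids):
    """Return findings for `repo` as seen by uid/gids; an empty list means none."""
    def allows(path, want):
        st = os.stat(path)
        return mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, want)

    repo = os.path.abspath(repo)
    findings = []
    # Every ancestor must be searchable (x), or the repository is unreachable
    # no matter what its own mode says.
    ancestor = os.path.dirname(repo)
    while True:
        if not allows(ancestor, "x"):
            findings.append(f"{ancestor}: not searchable")
        parent = os.path.dirname(ancestor)
        if parent == ancestor:
            break
        ancestor = parent
    if not os.path.isdir(repo):
        return findings + [f"{repo}: missing"]
    if not allows(repo, "rx"):
        findings.append(f"{repo}: cannot list or enter")
    for name in sorted(os.listdir(repo)):
        key = os.path.join(repo, name)
        if not allows(key, "r"):
            findings.append(f"{key}: not readable")
        if os.stat(key).st_mode & 0o077:  # key material open beyond its owner
            findings.append(f"{key}: group/other bits set")
    return findings

if __name__ == "__main__":
    # Mode bits from the listing in the thread; numeric ids are constructed
    # (root = 0, keystone uid and gid = 163).
    print(mode_allows(0o750, 0, 163, 163, {163}, "x"))     # /etc/keystone
    print(mode_allows(0o700, 163, 163, 163, {163}, "rx"))  # fernet-keys
```

For the real service account, the uid and group set can be taken from `pwd.getpwnam("keystone")` and `os.getgrouplist`.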