[Openstack] Keystone Fernet Token

Reza Bakhshayeshi reza.b2008 at gmail.com
Wed Oct 28 18:23:44 UTC 2015


Hi all,

I'm going to use fernet token on OpenStack Kilo (only Keystone service is
installed),
I've configured keystone.conf like:

[token]
provider = keystone.token.providers.fernet.Provider

when I'm running:
keystone-manage fernet_setup --keystone-user keystone --keystone-group
keystone

keys creating successfully in /etc/keystone/fernet-keys directory.
But when I'm going to creating a token I receive the following error, here
is the complete log:

2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /?
2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils [-]
[fernet_tokens] key_repository does not appear to exist; attempting to
create it
2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-]
Created a new key: /etc/keystone/fernet-keys/0
2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-]
Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0']
2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils [-]
Current primary key is: 0
2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-]
Next primary key will be: 1
2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-]
Promoted key 0 to be the primary: 1
2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-]
Created a new key: /etc/keystone/fernet-keys/0
2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils [-]
Excess keys to purge: []
2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens?
2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils
[-] Either [fernet_tokens] key_repository does not exist or Keystone does
not have sufficient permission to access it: /etc/keystone/fernet-keys/
2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No encryption
keys found; run keystone-manage fernet_setup to bootstrap one.

while the permissions seem to be correct:

# ls -lah /etc/keystone/
total 104K
drwxr-x---.   3 root     keystone 4.0K Oct 28 23:50 .
drwxr-xr-x. 143 root     root      12K Oct 28 12:56 ..
-rw-r-----.   1 root     keystone 1.5K Jul 29 00:21
default_catalog.templates
drwx------.   2 keystone keystone 4.0K Oct 28 23:50 fernet-keys
-rw-r-----.   1 root     keystone  57K Oct 28 23:48 keystone.conf
-rw-r-----.   1 root     keystone 1.1K Jul 29 00:21 logging.conf
-rw-r-----.   1 keystone keystone 8.6K Jul 29 00:21 policy.json
-rw-r-----.   1 keystone keystone  665 Jul 29 00:21
sso_callback_template.html

What am I missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151028/6c01805f/attachment.html>


More information about the Openstack mailing list