[Openstack] keystone: change from fernet tokens to uuid

magicboiz at hotmail.com magicboiz at hotmail.com
Fri May 20 16:17:02 UTC 2016


Hi Eugen

I have admin_token set, but token_provider isn't set.

Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without 
losing any data (current users, roles, permissions, etc.)?

J.

On 20/05/16 12:42, Eugen Block wrote:
> Hi,
>
> I had a similar issue, in Liberty I used uuid tokens, then I upgraded 
> to Mitaka and also switched to fernet tokens. Because of some kind of 
> inconsistency I wanted to switch back to uuid.
> Do you have an admin_token set in your keystone.conf?
>
> I compared my current conf file to the liberty conf and I can't see 
> another difference except admin_token and token_provider.
>
> I followed [1] to get keystone to work with uuid tokens in Liberty. If 
> I understand correctly, you'll have to populate the keystone database 
> "su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the 
> required services.
> In my case, I managed to switch back to uuid, but in the meantime I'm 
> back to fernet tokens.
>
> Hope this helps!
>
> [1] 
> http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
>
> Regards,
> Eugen
>
> Quoting magicboiz at hotmail.com:
>
>> Hi
>>
>> I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL 
>> works with fernet tokens. Because I have an old app which only works 
>> with UUID, I have changed /etc/keystone/keystone.conf
>>
>> from:
>>
>> [token]
>>         provider = keystone.token.providers.fernet.Provider
>>
>>
>> to:
>>
>> [token]
>>         provider = keystone.token.providers.uuid.Provider
>>
>>
>> But now, I'm facing a strange behavior:
>>
>> as admin user, executing a simple "keystone user-list" doesn't work 
>> and shows this error:
>> .................
>> RESP BODY: {"error": {"message": "Non-default domain is not supported 
>> (Disable debug mode to suppress these details.)", "code": 401, 
>> "title": "Unauthorized"}}
>> .................
>>
>> Executing "openstack user list" also gets the same error:
>> Non-default domain is not supported (Disable debug mode to suppress 
>> these details.) (HTTP 401) (Request-ID: 
>> req-8285b64d-353a-4188-949f-679bbfaa1114)
>>
>> Also from Horizon dashboard, I cannot retrieve the user list.....
>>
>>
>> But the funny/strange thing is that executing the same command 
>> through V3 identity admin interface (export 
>> OS_IDENTITY_API_VERSION=3) it works:
>>
>> root@node-1:~# openstack user list
>> +----------------------------------+-------------------+
>> | ID                               | Name              |
>> +----------------------------------+-------------------+
>> | 06c80b0440034f49a674bd0ef56385e1 | heat_admin        |
>> | 1b5ae288f1494efd91aa67cadd290939 | sahara            |
>> | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn          |
>> | 4722750675d6416082be67a7cf9b03c3 | murano            |
>> | 6b020f2c8328430b9bc71400e8a8b661 | cinder            |
>> | 958dd93f02614f38b4575c05833b0884 | heat              |
>> | 97c015a3d9b2432090992027fdb16e44 | ceilometer        |
>> | 9fb385d757324bc0a62b502f4c3ae67c | swift             |
>> | cc1395223fd74ea2aa59242fccb279de | admin             |
>> | dc325906c9b6446a801a9d4914472b51 | neutron           |
>> | df265ea710294923991a5d10006dd9cb | nova              |
>> | ebcf0d3439c143d098d95212fa587b6a | glance            |
>> | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user   |
>> +----------------------------------+-------------------+
>>
>> Anyone could help me?
>>
>> thanks in advance.
>> J
>
>
>




