Ask Your Question
0

openstack-ansible /etc/keystone/ssl/certs/ empty

asked 2016-12-23 02:34:25 -0500

seitan gravatar image

updated 2017-01-16 15:08:39 -0500

rbowen gravatar image

Hello, I'm deploying my openstack system via openstack-ansible.
Everything works fine, but it seems that /etc/keystone/ssl/certs/ in keystone containers is empty.
I'm using rados to provide object storage to openstack.
According to http://docs.ceph.com/docs/jewel/rados...
you need to generate certificates from /etc/keystone/ssl/certs/ for rados to be able to decode keystone messages.

I'm guessing because of that, rados fails to query keystone with the following errors:

2016-12-23 12:01:30.972648 7f5aaf7d6700  0 revoked tokens response is missing signed section
2016-12-23 12:01:30.972724 7f5aaf7d6700  0 ERROR: keystone revocation processing returned error r=-22

Is there any additional parameter I should use to in my ansible configuration to make those certificates be created?

my rados ceph.conf:

[client.rgw.ostack-rados1.domain.com]
rgw_frontends = "civetweb port=80"
rgw keystone url = http://192.168.0.1:5000
rgw keystone admin user = ceph
rgw keystone admin password = secret
rgw keystone admin project = admin
rgw keystone admin domain = default
rgw keystone api version = 3
rgw keystone token cache size = 500
rgw keystone revocation interval = 500
rgw s3 auth use keystone = true
rgw keystone verify ssl = false

Thank you for your help.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-01-17 00:09:53 -0500

seitan gravatar image

updated 2017-01-17 00:15:10 -0500

According to: https://docs.hpcloud.com/hos-3.x/helion/releasenotes30.html

This is not an error and should be ignored.

Source: https://bugs.launchpad.net/openstack-ansible/+bug/1653483

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-12-23 02:34:25 -0500

Seen: 296 times

Last updated: Jan 17 '17