Ask Your Question
0

Glance Rocky: Unable to validate token: Unable to establish connection to :5000/v3/auth/tokens [closed]

asked 2018-10-26 04:07:45 -0600

Thomas Bingel gravatar image

Hi, I am new to openstack and I am trying to get the minimum setup to work.

Keystone seams to work fine now. There is no port 35357 anymore. The bootstrap looks like this:

# Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password "$KEYSTONE_ADMIN_PASSWORD" \
    --bootstrap-admin-url http://keystone:5000/v3/ \
    --bootstrap-internal-url http://keystone:5000/v3/ \
    --bootstrap-public-url http://keystone:5000/v3/ \
    --bootstrap-region-id RegionOne

When I try to verify the operation of glance (https://docs.openstack.org/glance/rocky/install/verify.html (https://docs.openstack.org/glance/roc...)) I get the following error: 

2018-10-26 10:30:18.904 136 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Unable to establish connection to http://keystone:5000/v3/auth/tokens: HTTPConnectionPool(host='keystone', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f511b4bc4d0>: Failed to establish a new connection: [Errno -2] No address found',)): ConnectFailure: Unable to establish connection to http://keystone:5000/v3/auth/tokens: HTTPConnectionPool(host='keystone', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f511b4bc4d0>: Failed to establish a new connection: [Errno -2] No address found',))

And this is the Clance API Config

[keystone_authtoken]
www_authenticate_uri = http://keystone:5000/v3
auth_url = http://keystone:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance

And the exports:

export OS_USERNAME=admin
export OS_PASSWORD=keystone
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://keystone:5000/v3
export OS_IDENTITY_API_VERSION=3

I added the /v3 according to a bug report. But still no luck. A curl to http://keystone:5000/v3 works just fine. Any idea?

Thanks Thomas

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Bernd Bausch
close date 2018-11-03 14:10:49.817820

add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2018-11-03 09:47:52 -0600

novainfinite gravatar image

in /etc/hosts give keystone an ip of the host like 192.168.16.1 keystone

edit flag offensive delete link more
add a comment
0

answered 2018-11-03 07:05:40 -0600

Eranachandran gravatar image

updated 2018-11-03 07:46:09 -0600

The problem in your environment is happening, due to the endpoint not properly created, check with your hostname. that is the issue, read below for fix your error ...................

you should create the endpoint URL,  with the name of the host or IP address of the host
HTTP://{host-name or host_IP}:5000/v3/

for example, if your hostname is controller1 or host-ip is 10.10.236.155 you should create endpoints,  like 
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller1:5000/v3/ \
  --bootstrap-internal-url http://controller1:5000/v3/ \
  --bootstrap-public-url http://controller1:5000/v3/ \
  --bootstrap-region-id RegionOne

If your going to use host-IP you should create endpoints,  like 

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://10.10.236.155:5000/v3/ \
  --bootstrap-internal-url http://10.10.236.155:5000/v3/ \
  --bootstrap-public-url http://10.10.236.155:5000/v3/ \
  --bootstrap-region-id RegionOne
......................

All service endpoints should be created like this, with their specified ports, try this will work for you...

edit flag offensive delete link more
add a comment
0

answered 2018-10-31 08:22:46 -0600

Thomas Bingel gravatar image

Found the problem. The documentation is missing the following step:

openstack project create service

then the rest works...

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-10-26 04:07:45 -0600

Seen: 29 times

Last updated: Nov 03

Related questions

Unable to get version info from keystone

Should the authtoken configuration for glance api and registration services be located in the paste.ini files and not the .conf files (as it states in the documentation)?

Horizon's ip address

Keystone user-role-add : HTTP 409

auth_token in keystone v3

Adding a new ceilometer meter

authtoken expiry unlimited

Image list of a particular tenant

Keystone: unable to use the public endpoint

creating keystone ERROR: openstack Not Found (HTTP 404) entity liberty debian