I am recently trying to setup LDAP/AD integration with Openstack keystone (packstack) for authentication and i get below error when i tried to run openstack-status. I cannot access the Openstack UI anymore. Need help resolving

asked 2019-12-23 10:05:05 -0500

WoleS gravatar image

== Keystone users == Failed to discover available identity versions when contacting http://controllerIP:5000/v3. Attempting to parse version from URL. == Glance images == Internal Server Error (HTTP 500) == Nova managed services == No handlers could be found for logger "keystoneauth.identity.generic.base" ERROR (InternalServerError): Internal Server Error (HTTP 500) == Nova networks == No handlers could be found for logger "keystoneauth.identity.generic.base" ERROR (InternalServerError): Internal Server Error (HTTP 500) == Nova instance flavors == No handlers could be found for logger "keystoneauth.identity.generic.base" ERROR (InternalServerError): Internal Server Error (HTTP 500) == Nova instances == No handlers could be found for logger "keystoneauth.identity.generic.base" ERROR (InternalServerError): Internal Server Error (HTTP 500)

edit retag flag offensive close merge delete

Comments

Check the Keystone log for errors.

Bernd Bausch gravatar imageBernd Bausch ( 2019-12-23 15:12:30 -0500 )edit

Here is the error in the Keystone log and it doesn't really make sense to me : ConfigFilesNotFoundError: Failed to find some config files: policy.d default default] /usr/lib/python2.7/site-packages/oslo_policy/policy.py:695: UserWarning: Policy "identity:delete_region":"rule:admin_required"

WoleS gravatar imageWoleS ( 2019-12-26 14:22:56 -0500 )edit

was deprecated in S in favor of "identity:delete_region":"role:admin and system_scope:all". Reason: As of the Stein release, the region API now understands default roles and system-scoped tokens, making the API more granular without compromising security.

WoleS gravatar imageWoleS ( 2019-12-26 14:23:43 -0500 )edit

he new policies for this API account for these changes automatically. Be sure to take these new defaults into consideration if you are relying on overrides in your deployment for the region API.. Either ensure your deployment is ready for the new default or copy/paste the deprecated policy into your

WoleS gravatar imageWoleS ( 2019-12-26 14:24:06 -0500 )edit

Also the keystone service is not running.

systemctl status openstack-keystone.service

Unit openstack-keystone.service could not be found.

WoleS gravatar imageWoleS ( 2019-12-26 14:25:05 -0500 )edit

Not only is the service not running, it simply doesn't exist. Are you sure it's named openstack-keystone.service? Try systemctl list-units | grep -i keystone.

If you have entries in the Keystone log, Keystone did run at some point. The messages you found, however, are warnings, not errors.

Bernd Bausch gravatar imageBernd Bausch ( 2019-12-26 20:17:36 -0500 )edit

See if you find anything running that is named Keystone: ps -ef | grep keystone. If not, look for errors in the keystone log, the apache logs, and the systemd journal.

Bernd Bausch gravatar imageBernd Bausch ( 2019-12-26 20:18:40 -0500 )edit

Thanks for the responses.....

I see nothing when i run this command

systemctl list-units | grep keystone

But I noticed Keystone is running under httpd

ps -ef | grep keystone

root 1788 1188 0 08:50 pts/0 00:00:00 grep --color=auto keystone keystone 20180 20060 0 Dec26 ? 00:00

WoleS gravatar imageWoleS ( 2019-12-27 08:05:17 -0500 )edit

ps -ef | grep keystone

root 1788 1188 0 08:50 pts/0 00:00:00 grep --color=auto keystone keystone 20180 20060 0 Dec26 ? 00:00:25 (wsgi:keystone- -DFOREGROUND keystone 20324 20060 0 Dec26 ? 00:00:02 keystone -DFOREGROUND

WoleS gravatar imageWoleS ( 2019-12-27 08:05:35 -0500 )edit

Also from the keystone log file - I see no other error except those warnings

pwd

/var/log/keystone -rw-rw----. 1 keystone keystone 178975 Dec 26 14:10 keystone.log

WoleS gravatar imageWoleS ( 2019-12-27 08:06:14 -0500 )edit

Here is the error i get from running openstack-status commnad after i configure ldap openstack keystone.

== Keystone users == Failed to discover available identity versions when contacting http://Controller-IP:5000/v3. Attempting to parse version from URL. Internal Server Error (HTTP 500)

WoleS gravatar imageWoleS ( 2019-12-27 08:07:07 -0500 )edit

= Glance images == Internal Server Error (HTTP 500) == Nova managed services == No handlers could be found for logger "keystoneauth.identity.generic.base" ERROR (InternalServerError): Internal Server Error (HTTP 500)

NOTE: I do not get this error when ldap is not configured with openstack keystone.

WoleS gravatar imageWoleS ( 2019-12-27 08:07:52 -0500 )edit

journal -f -n 10

Dec 27 13:16:42 controller-host sudo[4721]: pam_unix(sudo:session): session closed for user root Dec 27 13:16:42 controller-host sudo[4732]: cinder : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/cinder-rootwrap /etc/cinder/rootwrap.conf env LC_ALL=C lvs --noheadings --unit=g

WoleS gravatar imageWoleS ( 2019-12-27 13:05:17 -0500 )edit