No handlers could be found for logger "keystoneclient.client"

asked 2013-02-21 16:31:30 -0600

a-holway gravatar image


I cant do anything with Keystone due to "No handlers could be found for logger "keystoneclient.client""

Any ideas whats going on here?

root@openstack:~# keystone --debug user-list connect: (, 5000) connect fail: ('', 5000) No handlers could be found for logger "keystoneclient.client" Traceback (most recent call last): File "/usr/bin/keystone", line 9, in <module> load_entry_point('python-keystoneclient==0.1.3', 'console_scripts', 'keystone')() File "/usr/lib/python2.7/dist-packages/keystoneclient/", line 410, in main OpenStackIdentityShell().main(sys.argv[1:]) File "/usr/lib/python2.7/dist-packages/keystoneclient/", line 351, in main insecure=args.insecure) File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/", line 80, in __init__ self.authenticate() File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/", line 110, in authenticate "%s" % e) keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: Unable to communicate with identity service: [Errno 111] Connection refused. (HTTP 400) root@openstack:~#

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2013-02-21 16:31:40 -0600

a-holway gravatar image

root@openstack:/etc/keystone# cat keystone.conf [DEFAULT]

A "shared secret" between keystone and other openstack services

admin_token = 92e139f7876bc89d12f6

The IP address of the network interface to listen on

bind_host =

The port number which the public service listens on

public_port = 5000

The port number which the public admin listens on

admin_port = 35357

The port number which the OpenStack Compute service listens on

compute_port = 8774

=== Logging Options ===

Print debugging output

verbose = True

Print more verbose output

(includes plaintext request logging, potentially including passwords)

debug = True

Name of log file to output to. If not set, logging will go to stdout.

log_file = keystone.log

The directory to keep log files in (will be prepended to --logfile)

log_dir = /var/log/keystone

Use syslog for logging.

#use_syslog = True

syslog facility to receive log lines

#syslog_log_facility = LOG_USER

If this option is specified, the logging configuration file specified is

used and overrides any other logging options specified. Please see the

Python logging module documentation for details on logging configuration


log_config = /etc/keystone/logging.conf

A logging.Formatter log message format string which may use any of the

available logging.LogRecord attributes.

log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

Format string for %(asctime)s in log records.

log_date_format = %Y-%m-%d %H:%M:%S

onready allows you to send a notification when the process is ready to serve

For example, to have it notify using systemd, one could set shell command:

onready = systemd-notify --ready

or a module with notify() method:

onready = keystone.common.systemd


The SQLAlchemy connection string used to connect to the database

#connection = sqlite:////var/lib/keystone/keystone.db connection = mysql://keystone:ubuntu@localhost/keystone

the timeout before idle sql connections are reaped

idle_timeout = 200

[identity] driver = keystone.identity.backends.sql.Identity


dynamic, sql-based backend (supports API/CLI-based management commands)

driver = keystone.catalog.backends.sql.Catalog

static, file-based backend (does NOT support any management commands)

driver = keystone.catalog.backends.templated.TemplatedCatalog

template_file = default_catalog.templates

[token] driver = keystone.token.backends.sql.Token

Amount of time a token should remain valid (in seconds)

expiration = 86400

[policy] driver = keystone.policy.backends.rules.Policy

[ec2] driver = keystone.contrib.ec2.backends.sql.Ec2

[ssl] #enable = True #certfile = /etc/keystone/ssl/certs/keystone.pem #keyfile = /etc/keystone/ssl/private/keystonekey.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #cert_required = True

[signing] #token_format = UUID #certfile = /etc/keystone/ssl/certs/signing_cert.pem #keyfile = /etc/keystone/ssl/private/signing_key.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #key_size = 1024 #valid_days = 3650 #ca_password = None #token_format = PKI


url = ldap://localhost

user = dc=Manager,dc=example,dc=com

password = None

suffix = cn=example,cn=com

use_dumb_member = False

user_tree_dn = ou=Users,dc=example,dc=com

user_objectclass = inetOrgPerson

user_id_attribute = cn

user_name_attribute = sn

tenant_tree_dn = ou=Groups,dc=example,dc=com

tenant_objectclass = groupOfNames

tenant_id_attribute = cn

tenant_member_attribute = member

tenant_name_attribute = ou

role_tree_dn = ou=Roles,dc=example,dc=com

role_objectclass = organizationalRole

role_id_attribute = cn

role_member_attribute = roleOccupant

[filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth] paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth ... (more)

edit flag offensive delete link more

answered 2013-02-21 16:31:55 -0600

a-holway gravatar image

root@openstack:/etc/keystone# cat logging.conf [loggers] keys=root

[formatters] keys=normal,normal_with_name,debug

[handlers] keys=production,file,devel

[logger_root] level=DEBUG handlers=file

[handler_production] class=handlers.SysLogHandler level=ERROR formatter=normal_with_name args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)

[handler_file] class=FileHandler level=DEBUG formatter=normal_with_name args=('/var/log/keystone/keystone.log', 'a')

[handler_devel] class=StreamHandler level=NOTSET formatter=debug args=(sys.stdout,)

[formatter_normal] format=%(asctime)s %(levelname)s %(message)s

[formatter_normal_with_name] format=(%(name)s): %(asctime)s %(levelname)s %(message)s

[formatter_debug] format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s

edit flag offensive delete link more

answered 2013-03-06 09:20:22 -0600

Make sure that you can connect successfully to keystone services on port :35357 and 5000 . From your log file, the keystone client can't access to the keystone admin service on port 5000.

you can check by using the command below:

curl -i -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: 92e139f7876bc89d12f6"

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2013-02-21 16:31:30 -0600

Seen: 804 times

Last updated: Mar 06 '13