Keystone Error 111: Auththentication failed using token and endpoint

asked 2013-06-17 00:46:17 -0600

Cloudie gravatar image

[root@opens-grizzly ~]# source openrc [root@opens-grizzly ~]# keystone user-list Authorization Failed: [Errno 111] Connection refused [root@opens-grizzly ~]#

edit retag flag offensive close merge delete

Comments

I want to change uthentication method to user id and pwd instead of token and endpoint. suggest me any solution regarding this.

Cloudie gravatar imageCloudie ( 2013-06-17 00:47:18 -0600 )edit

^C[root@opens-grizzly ~]# keystone user-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [Errno 111] Connection refused

Cloudie gravatar imageCloudie ( 2013-06-17 00:55:22 -0600 )edit

@Cloudie it is a lot easier to edit the question and add more details there: the question becomes readable and easier to interpret for others.

smaffulli gravatar imagesmaffulli ( 2013-06-17 16:11:56 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2013-08-12 10:21:09 -0600

annegentle gravatar image

I had asked about when it's appropriate to use a userID and password to connect to the Identity Service (keystone). I learned that there are security and audit needs. Here's some paraphrased explanation from http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/setting-up-tenants-users-and-roles-manually.html .

Typically, you would use a username and password to authenticate with the Identity service. However, at the starting point in an install, you have not yet created a user. Instead, you use the service token to authenticate against the Identity service. With the keystone command-line, you can specify the token and the endpoint as arguments, as follows:

$ keystone --token 012345SECRET99TOKEN012345 --endpoint http://192.168.206.130:35357/v2.0 <command parameters=""></command> You can also specify the token and endpoint as environment variables, so they do not need to be explicitly specified each time. If you are using the bash shell, the following commands will set these variables in your current session so you don't have to pass them to the client each time. Best practice for bootstrapping the first administrative user is to use the OS_SERVICE_ENDPOINT and OS_SERVICE_TOKEN together as environment variables.

$ export OS_SERVICE_TOKEN=012345SECRET99TOKEN012345 $ export OS_SERVICE_ENDPOINT=http://192.168.206.130:35357/v2.0 In the remaining examples, we will assume you have set the above environment variables.

Because it is more secure to use a username and password to authenticate rather than the service token, when you use the token the keystone client may output the following warning, depending on the version of python-keystoneclient you are running:

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2013-06-17 00:46:17 -0600

Seen: 726 times

Last updated: Aug 12 '13