I am trying to install OpenStack on CentOS. The service nova-api is not running. The pid file exists but it is dead. the api.log gives the error 'no module named auth_token'.

my keystone.conf is

[DEFAULT]
log_file = /var/log/keystone/keystone.log
# A "shared secret" between keystone and other openstack services
# admin_token = ADMIN

admin_token = 986ca59c04be7f9402a1

# The IP address of the network interface to listen on
# bind_host = 0.0.0.0

# The port number which the public service listens on
# public_port = 5000

# The port number which the public admin listens on
# admin_port = 35357

# The port number which the OpenStack Compute service listens on
# compute_port = 8774

compute_port = 8774

# === Logging Options ===
# Print debugging output
#verbose = False

verbose = True

# Print more verbose output
# (includes plaintext request logging, potentially including passwords)
# debug = False
# Name of log file to output to. If not set, logging will go to stdout.
# log_file = keystone.log

# The directory to keep log files in (will be prepended to --logfile)
# log_dir = /var/log/keystone

# Use syslog for logging.
# use_syslog = False

# syslog facility to receive log lines
# syslog_log_facility = LOG_USER

# If this option is specified, the logging configuration file specified is
# used and overrides any other logging options specified. Please see the
# Python logging module documentation for details on logging configuration
# files.
# log_config = logging.conf

# A logging.Formatter log message format string which may use any of the
# available logging.LogRecord attributes.
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

# Format string for %(asctime)s in log records.
# log_date_format = %Y-%m-%d %H:%M:%S

# onready allows you to send a notification when the process is ready to serve
# For example, to have it notify using systemd, one could set shell command:
# onready = systemd-notify --ready
# or a module with notify() method:
# onready = keystone.common.systemd



[sql]
connection = mysql://keystone:*****@localhost/keystone
# The SQLAlchemy connection string used to connect to the database
# connection = sqlite:///keystone.db

# the timeout before idle sql connections are reaped
# idle_timeout = 200

[identity]
driver = keystone.identity.backends.sql.Identity
# driver = keystone.identity.backends.sql.Identity

[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = keystone.catalog.backends.sql.Catalog
# dynamic, sql-based backend (supports API/CLI-based management commands)
# driver = keystone.catalog.backends.sql.Catalog

# static, file-based backend (does *NOT* support any management commands)
# driver = keystone.catalog.backends.templated.TemplatedCatalog
# template_file = default_catalog.templates

[token]
driver = keystone.token.backends.sql.Token
# driver = keystone.token.backends.kvs.Token

# Amount of time a token should remain valid (in seconds)
# expiration = 86400

[policy]
# driver = keystone.policy.backends.rules.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
# driver = keystone.contrib.ec2.backends.kvs.Ec2

[ssl]
#enable = True
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True

[signing]
#token_format = UUID
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None
#token_format = PKI

[ldap]
# url = ldap://localhost
# user = dc=Manager,dc=example,dc=com
# password = None
# suffix = cn ...