Ask Your Question

Can't get keystone token: "HTTP Unable to establish connection"

asked 2014-04-30 08:38:03 -0500

phil gravatar image

updated 2014-04-30 08:52:19 -0500

What I think is happening:

I installed openstack (havana on ubuntu 12.04 LTS) through Puppet and forgot to update the public ip address used by puppet to propagate throughout the install. I partially fixed this by updating the keystone endpoints table to reflect the actual address but I think there's one spot where I haven't been sucessful in updating the old ip address (I can't find the entry in the database or a file). I could simply reinstall it with the right address and I think it would fix my problem but I'd rather understand openstack better, and in case I'm ever forgetful again.

Other symptoms, I tried launching an instance but I received this error (again) Now when I try to launch an instance it's stuck launching the instance and I can't access the page in the dashboard, it's endlessly loading.

Onto the problem I'm facing which could be unrelated to the above.

Whenever I try to "keystone token-get" I get this error,

REQ: curl -i -X POST https://localhost:35357/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"
REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "admin_password"}}}

Authorization Failed: <attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to https://localhost:35357/v2.0/tokens)

You're first (and mine) reaction is probably along the lines of "well keystone must not be running", but I'm fairly certain it is. wget localhost:35357 downloads index.html, curl localhost:35357/v2.0 returns data and I'm able to login to the dashboard without any problems, I just can't access any pages linked to instances as they endlessly load.

I'm trying to access keystone, nova, etc this way in order to kill the instance that won't stop loading. I'm a little lost at this point, with all these things going wrong I'm not really sure what to tackle first and google hasn't been that helpful. Thanks for reading.

Curl output

curl localhost:35357/v2.0
{"version": {"status": "stable", "updated": "2013-03-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0", "links": [{"href": "http://localhost:35357/v2.0/", "rel": "self"}, {"href": "", "type": "text/html", "rel": "describedby"}, {"href": "", "type": "application/pdf", "rel": "describedby"}]}}
edit retag flag offensive close merge delete


If you try running the actual curl command line (along with the request body) that the debug output provides, does it work? Do you see keystone logging anything in /var/log/keystone/keystone.log that corresponds to these failures?

larsks gravatar imagelarsks ( 2014-04-30 08:41:07 -0500 )edit

Whenever I try to get a token, nothing is being logged to /var/log/keystone/keystone.log. Sadly I'm not sure I understand what you mean by the first part of your comment but I updated my original post with the curl output I received.

phil gravatar imagephil ( 2014-04-30 08:48:36 -0500 )edit

I was suggesting using the information from REQ and REQ BODY in the output you posted to constract a curl command line. But I think I spotted your problem anyway...see my answer.

larsks gravatar imagelarsks ( 2014-04-30 09:24:01 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2014-04-30 09:22:34 -0500

larsks gravatar image

updated 2014-04-30 09:22:59 -0500

Looking more closely at your output, your keystone client is attempting to use https...

REQ: curl -i -X POST https://localhost:35357/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"

...while all of your tests are using unencrypted http. It is likely that you have OS_AUTH_URL set incorrectly in your environment and that you need to replace:



edit flag offensive delete link more


You're entirely right, thanks for pointing that out!

phil gravatar imagephil ( 2014-04-30 09:24:55 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-04-30 08:38:03 -0500

Seen: 8,891 times

Last updated: Apr 30 '14