asked 2014-05-28 10:28:52 -0600

black sensei gravatar image

updated 2014-05-28 10:29:26 -0600

Hello I have been following a the pdf documentation for ubuntu 12.04/14/04 downloaded from openstack site using ubuntu 14.04. I have been following till the poing of the chapter 3 Configure the identity service where it's about creating an administrative user page 25.

keystone user-create --name=admin --pass=myadminpass --email=myadmin@email.com

it throws this following error:

Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]

But up to that page there has never been any reference to OS_AUTH_URL variable. Only known to that point are


For search some use http://controller:5000/v2.0 for OS_AUTH_URL. So which one to use. I am not sure whether it's an oversight from the documenters or I was supposed to have known that part. For the mean time I just need a way to continue my setup. There seem to be other variables like : OS_TENANT_NAME , OS_USERNAME , OS_PASSWORD, OS_AUTH_URL .

Kindly show me the way forward.


edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by SamYaple
close date 2014-05-30 12:21:21.217725

1 answer

Sort by ยป oldest newest most voted

answered 2014-05-28 11:39:09 -0600

SamYaple gravatar image

I can see how that is a bit confusing.

Keystone has two ways of authenticating.

  • The first one uses the traditional username/password combination:

keystone --os-username <auth-user-name> --os-password <auth-password> --os-tenant-name <auth-tenant-name> --os-auth-url <auth-url>

  • The second one authenticates with a token. Technically it is bypassing authentication entirely. It is typically used to setup the initial users and for recovery purposes:

keystone --os-token <service-token> --os-endpoint <service-endpoint>

Notice auth-url is used for the username/password/tenant, while endpoint is paired with the token authentication.

edit flag offensive delete link more


Hello Thanks for the prompt response. However my method is also bypassing the use of username and password but still it requires somehow the presence of the authentication url. So without that set either in the environment variable there is no way of moving from keystone user-create command point.

black sensei gravatar imageblack sensei ( 2014-05-28 11:45:13 -0600 )edit

Check your enviroment. What variables do you have set? If you have certain ones set it will try and use that form of authentication.

SamYaple gravatar imageSamYaple ( 2014-05-28 13:09:08 -0600 )edit

I had these 2 exactly as documented: OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT

black sensei gravatar imageblack sensei ( 2014-05-28 13:34:58 -0600 )edit

Just those two, no other enviroment variables?

SamYaple gravatar imageSamYaple ( 2014-05-28 13:40:22 -0600 )edit

Yes those two only. Because those are the environment mentioned in the documentation at that point

black sensei gravatar imageblack sensei ( 2014-05-28 14:23:49 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-05-28 10:28:52 -0600

Seen: 1,636 times

Last updated: May 28 '14