Creating tenant during openstack installation gives error

asked 2015-02-06 04:13:51 -0600

anil987 gravatar image

updated 2015-02-07 06:54:49 -0600


I am installing openstack juno from

After installing Keystone, I am trying to create tenant (from )

  1. export OS_SERVICE_TOKEN=55e787c32be466315550
  2. export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
  3. keystone tenant-create --name admin --description "Admin Tenant"

I got the error "Unable to establish connection to http://controller:35357/v2.0/tenants"

I have also checked the link but I could not resolve the issue. Please help me resolving this issue


edit retag flag offensive close merge delete


Just to make sure: you can ping controller?

Ad Beumer gravatar imageAd Beumer ( 2015-02-06 04:43:15 -0600 )edit

yes, I am able to ping the controller

anil987 gravatar imageanil987 ( 2015-02-06 05:02:36 -0600 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2015-02-08 02:58:34 -0600

anil987 gravatar image

updated 2015-02-08 03:00:02 -0600

Thanks for reply

I ran the command "ss -tlnp | grep 35357" and I got nothing in the output. So, Keystone is not listening on port 35357. Can you please suggest me the reason for this? I have exactly followed the steps mentioned in the document. Also there is no log file in /var/log/keystone/

edit flag offensive delete link more

answered 2015-02-07 08:41:48 -0600

larsks gravatar image

The error Unable to establish connection to http://controller:35357/v2.0/tenants seems pretty clear: the client is unable to connect to the service at that host and port. There are a number of simple steps you can perform to further diagnose this problem:

  1. Is the Keystone service running on the controller?

    # ps -fe | grep keystone

    You would expect to see one or more keystone-all processes. If Keystone is not running, what happens if you start it manually? If it doesn't start correctly, are there are useful error messages in the Keystone log (generally /var/log/keystone/keystone.log)?

  2. Is Keystone listening on port 35357?

    # ss -tlnp | grep 35357

    You would expect to see a LISTEN entry on this port:

    LISTEN     0      128                       *:35357                    *:*      ...

    If Keystone is not listening, the response is largely the same as for the previous step. If it is listening, but on a specific address other than *, does that address match the result of looking up the hostname?

  3. Are you able to connect to the port from another host?

    # curl http://controler:35357

    This should result in a JSON response from the controller:

    {"versions": {"values": [{"status": "stable", "updated": ...

    If curl fails to connect to the controller, but the previous step shows that Keystone was up and listening, this suggests that either (a) there is a firewall rule that is blocking the connection, or (b) you need to double check the ip address associate with the controller's hostname.

  4. Lastly, if everything prior to this point seems successful, run the keystone command with the --debug flag. This will show you exactly what requests Keystone is making and may help narrow down the problem.

Good luck!

edit flag offensive delete link more


What happens when you start the keystone service? Please update your question to show the exact commands you are running and any output that results. Thanks.

larsks gravatar imagelarsks ( 2015-02-08 13:19:16 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-02-06 04:13:51 -0600

Seen: 634 times

Last updated: Feb 07 '15