# Keystone Unable to Establish Connection

Hello everyone. I'd like to provide you with a very clear concise description of what I have set up, so there is no ambiuguity.

I have 1 single server, with 1 active network interface. I'm running OpenSuSE 13.1. I'm trying to install Openstack-keystone. I have the option of running through a proxy, but at the moment, I have it set to disabled in /etc/sysconfig/proxy.   My export list has no proxy variables set. but I did have a no_proxy="localhost, 127.0.0.1, <myip"  variable set at one time during testing.

Ok, so with that background, onto my problem.  I have set up openstack-keystone, mysql-python (which uses mariadb)

My first issue is this when I start keystone I get this output:

Active: active (exited) since Tue 2015-02-17 04:44:02 EST; 7min ago
Process: 4262 ExecStop=/etc/init.d/openstack-keystone stop (code=exited, status=0/SUCCESS)
Process: 4272 ExecStart=/etc/init.d/openstack-keystone start (code=exited, status=0/SUCCESS)


The status is Active (Exited). As opposed to other processes that have Active (running). I thought this may be normal, but in running netstat -atp or netstat -tulpen I see nothing that shows that the keystone process is listening for connections. My /etc/keystone/keystone.conf (which i'll post shortly) has it's bind address to 0.0.0.0 and it listening on ports 35357 and 5000.

Yet when I go to run or start openstack-keystone, while it recieves a real process ID, it shows no listening port. I've grepped for it, and everything. There is nothing listening on 35357 or 5000. Now before this issue comes up, I have opened up the ports in SuSEfirewall. In fact, I actually disabled the entire firewall itself, unloaded all rules. Currently, the system is wide open, no firewall rules exist.

So this leads to the next issue. I'm not sure if they are related. After I even start openstack-keystone (when it is in active (exited)), I try to connect to the mysql database. From the terminal i can issue 'mysql -u root -p" and enter the database no problem. In fact, I ran a keystone-manage db_sync keystone, and it populated the keystone table with 18 entries. So I'm assuming that all is correct....

The problem is when I take it a step further. I use the command 'keystone tenant-create --name admin --description 'admin-tenant'

This is where things get really hairy. The error I'm getting is:

Unable to establish connection to http://127.0.0.1:35357/v2.0/tenants

That's the error I receive if I set the OS_SERVICE_ENDPOINT equal to 127.0.0.1. I've tried many options such as localhost, controller, and my own interface's IP address. The results are the same. It is unable to establish a connection. I can only assume this is linked to the fact that I see nothing listening on ports 35357 and 5000.

Also ...

edit retag close merge delete

Hi, Please check by changing admin_endpoint and public_endpoint in keystone.conf from localhost to your interface IP. Restart httpd service, then keystone service. Thanks.

( 2016-02-28 02:39:54 -0500 )edit

Sort by » oldest newest most voted

Thanks! I actually found out the issue. According the Juno install docs for opensuse, it says to add the .persistence. keyword to the [token] portion of the /etc/keystone/keystone.conf file. Like this: ... [token] # Provides token persistence. driver = keystone.token.persistence.backends.sql.Token ....

After removing the persistence word, I had no issue. I restarted openstack-keystone, it brought the ports up, I was able to connect to them, and I finished the keystone install last night... Again I removed the word persistence from the drive parameter, and it worked.

driver = keystone.token.backends.sql.Token

They ask you to place the keyword "persistence" in between token and backends. It causes the keystone.conf file to not be fully loaded, and the port's listed in the same file, will not be opened up.

more

None of the above mentioned solutions helped....

So tried to troubleshoot using some basic concepts... here are the steps tried :

1. Check if keystone service is running using
2. If not running keystone-all command
3. If it starts without error problem solved.
4. If it does not troubleshoot the new error

Thanks

more

Hi this error will appears due to missing grant PRIVILEGES please do the below in mysql db and check

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'<your host="" name="">' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'yourmanagementip <or> 127.0.0.1' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

edit in this file vi /etc/keystone/keystone.conf

connection = mysql://keystone:KEYSTONE_DBPASS@<your host="" name="">or <127.0.0.1>/keystone

[token]

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

save and sync keystone db

su -s /bin/sh -c "keystone-manage db_sync" keystone

Note OS_SERVICE_TOKEN and admin_token need to have same character do the below exports it will works for sure

export OS_SERVICE_TOKEN=12345

more

Thanks for the response madhank. I have two questions. Before I drop the keystone database and do as you say, will this cause all of my service Id's, tenants, and users from glance to be removed?

Also I'm having trouble starting the openstack-glance-api process. Could this be related to it?

( 2015-02-20 10:27:43 -0500 )edit

hey there,

first of all try to find the errors from logs which are available at

/var/log/keystone/
/var/log/mysql/
/var/log/glance/


likewise all relevant logs are automatically saved in respective places. log files which are nothing but a continous description of the executions no matter right one or not will be saved.

unable to establish connection to OS_AUTH_URL means it is a keystone error. hope you must have received the right tokens. because

export OS_AUTH_TOKEN
export OS_AUTH_URL


will act as a temporary variables which will be placed as environment variables and will vanish after closing terminal or a restart system.

and do check with which interface like (eth0, lo) your mysql is binded, the same IP you have to provide in every other configuration.

if possible post some logs.

more

The keystone.log is in /var/log/apache2 on ubuntu 16.04 LTS. Just adding as a FYI

( 2016-11-02 09:46:55 -0500 )edit