Ask Your Question
0

keystone admin user creation failed (HTTP 500)

asked 2015-02-26 06:40:21 -0500

master gravatar image

updated 2015-02-26 09:28:16 -0500

It is failing with the below error

[root@controller ~]# keystone user-create --name=admin --pass=paswo --email=abcd@em.com An unexpected error prevented the server from fulfilling your request. (HTTP 500)

Debug information is as below:

[root@controller ~]# keystone --debug  user-create --name=admin --pass=paswo --email=abcd@em.com
DEBUG:keystoneclient.session:REQ: curl -i -X POST http://controller:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: e89314d0e157ea9f07a2" -d '{"user": {"email": "abcd@em.com", "password": "paswo", "enabled": true, "name": "admin", "tenantId": null}}'
INFO:urllib3.connectionpool:Starting new HTTP connection (1): controller
DEBUG:urllib3.connectionpool:"POST /v2.0/users HTTP/1.1" 500 143
DEBUG:keystoneclient.session:RESP: [500] {'date': 'Thu, 26 Feb 2015 12:33:19 GMT', 'content-type': 'application/json', 'content-length': '143', 'vary': 'X-Auth-Token'}
RESP BODY: {"error": {"message": "An unexpected error prevented the server from fulfilling your request.", "code": 500, "title": "Internal Server Error"}}

DEBUG:keystoneclient.session:Request returned failure status: 500 An unexpected error prevented the server from fulfilling your request. (HTTP 500)

edit retag flag offensive close merge delete

Comments

post the output of /var/log/keystone/keystone.log

Bipin gravatar imageBipin ( 2015-02-27 02:10:45 -0500 )edit

Hi following is the response received:

-bash: /var/log/keystone/keystone.log: Permission denied and when I opened that file the error is as follows CRITICAL keystone [-] OperationalError: (OperationalError) (1045, "Access denied for user 'keystone'@'localhost' (using password: YES)") None None

master gravatar imagemaster ( 2015-02-27 03:18:29 -0500 )edit

6 answers

Sort by ยป oldest newest most voted
0

answered 2015-02-27 07:43:56 -0500

master gravatar image

Hi madhank,

I've tried as you adviced but still no luck. Please find the details below:

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'pasw0!'; Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'pasw0!'; Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'192.168.0.11' IDENTIFIED BY 'pasw0!'; Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'pasw0!'; Query OK, 0 rows affected (0.00 sec)

mysql> commit; Query OK, 0 rows affected (0.00 sec)

mysql> exit Bye

[root@controller ~]# grep ^[^#] /etc/keystone/keystone.conf [DEFAULT] admin_token = e89314d0e157ea9f08a5 [assignment] [auth] [cache] [catalog] [credential] [database] connection mysql://keystone:pasw0!@controller/keystone [ec2] [endpoint_filter] [federation] [identity] [kvs] [ldap] [matchmaker_ring] [memcache] [oauth1] [os_inherit] [paste_deploy] [policy] [revoke] [signing] [ssl] [stats] [token] [trust] [ ] [root@controller ~]# export OS_SERVICE_TOKEN=e89314d0e157ea9f08a5 [root@controller ~]# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0 [root@controller ~]# keystone user-create --name=admin --pass=pasw0! --email=abcd@em.com An unexpected error prevented the server from fulfilling your request. (HTTP 500) [root@controller ~]#

edit flag offensive delete link more

Comments

check conf

[DEFAULT]

admin_token = admin

[database]

connection = mysql://keystone:pasw0!@controller/keystone

[token]

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

[revoke]

driver = keystone.contrib.revoke.backends.sql.Revoke

madhank gravatar imagemadhank ( 2015-03-01 22:54:34 -0500 )edit
1

your keystone.conf file should have all the above lines

have you sync your keystone database if not do sync by below

su -s /bin/sh -c "keystone-manage db_sync" keystone

service keystone restart

madhank gravatar imagemadhank ( 2015-03-01 22:59:31 -0500 )edit

(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone

export OS_SERVICE_TOKEN=admin

export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

it should work

madhank gravatar imagemadhank ( 2015-03-01 23:00:42 -0500 )edit

still you get the error check you mysql service

madhank gravatar imagemadhank ( 2015-03-02 00:51:02 -0500 )edit

modified the conf as you directed and performed the sync but service keystone restart threw an error "unrecognized service ". Not sure why but I can see keystone being installed on this machine

master gravatar imagemaster ( 2015-03-04 02:21:35 -0500 )edit
1

answered 2015-08-07 17:42:48 -0500

thierryv8 gravatar image

Hi,

I navigated between many forums to figure out the answer and I found out a good solution, which is working for me:

Instead of typing the command: # su -s /bin/sh -c "keystone-manage db_sync" keystone, you must type only: /bin/sh -c "keystone-manage db_sync" keystone

The issue came that: if you have already loggin as a root so you haven't needed anymore to use the "su -s" command at the beginning.

After that, you can execute the command: openstack service create --name keystone ==description "OpenStack Identity" identity, which will work perfectly fine.

by thierryv8

edit flag offensive delete link more
0

answered 2015-09-10 18:53:58 -0500

This error is because of the wrong keystone database setup via mysql. I am using CentOS. while working on mysql, I used all lower case commands as described below. It works! Do NOT use this way: GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY 'KEYSTONE_DBPASS';

Try this way: grant all privileges on keystone.* to 'keystone'@localhost' identified by 'KEYSTONE_DBPASS';

Of course, the replace KEYSTONE_DBPASS with the password you set for the keystone database password. AND localhost with the hostname if you are using hostname.

edit flag offensive delete link more
0

answered 2015-05-19 08:22:55 -0500

deeghuge gravatar image

updated 2015-05-19 08:23:45 -0500

Instead of manually assigning permission in mysql for keystone db you can create the keystone db using following openstack utility. Make sure connection string is updated before running this command.

/usr/bin/openstack-db --service keystone --init --password <dbpassword> --rootpw <rootpassword>

Also are you running db_sync before running the keystone user create command.

edit flag offensive delete link more
0

answered 2015-02-27 04:48:55 -0500

madhank gravatar image

do this on mysql

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'hostname' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'yourmanagementip ' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

check on this file

vi /etc/keystone/keystone.conf

connection = mysql://keystone:KEYSTONE_DBPASS@hostname or <127.0.0.1>/keystone

save

export OS_SERVICE_TOKEN= Admin(what you specified on admin_token in keystone .conf file)

export OS_SERVICE_ENDPOINT=http://<your host="" name="">:35357/v2.0

it should work

edit flag offensive delete link more

Comments

Have done as you said but still the same error again! :(

master gravatar imagemaster ( 2015-02-27 07:20:32 -0500 )edit

Show us the line related to database connection. Starting with --> connection = mysql://keystone: from /etc/keystone/keystone.conf

Bipin gravatar imageBipin ( 2015-03-01 08:23:46 -0500 )edit

connection mysql://keystone:pasw0!@controller/keystone

master gravatar imagemaster ( 2015-03-01 08:38:24 -0500 )edit

I'm working on CentOS 7 and had to shutoff httpd and use the regular openstack-keystone server to get past this. This is as far as I have gotten so I don't know if this will work on the long run. Looks like a definite bug to me!

donaldmize gravatar imagedonaldmize ( 2015-05-21 17:26:38 -0500 )edit

I have followed whatever everyone suggested, still doesnot work for me.

DarkKnight gravatar imageDarkKnight ( 2016-04-18 01:33:50 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-02-26 06:40:21 -0500

Seen: 7,773 times

Last updated: May 19 '15