Ask Your Question
0

keystone-manage db_sync failing unless "localhost" set in keystone.conf

asked 2015-04-17 21:12:20 -0600

Locane gravatar image

updated 2015-04-20 19:33:40 -0600

Hello all. New to openstack. I'm attempting to set up Open Stack on CentOS 6.6 using the http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_basics.html (Icehouse instructions).

I'm running in to issues when I attempt the step on http://docs.openstack.org/icehouse/install-guide/install/yum/content/keystone-install.html (this page): 

su -s /bin/sh -c "keystone-manage db_sync" keystone

The error I get is nothing on the screen, but /var/log/keystone/keystone.log gets populated with:

2015-04-17 18:50:47.336 5944 CRITICAL keystone [-] OperationalError: (OperationalError) (2003, "Can't connect to MySQL server on 'controller' (111)") None None

Strangely, however, the command works if I edit the keystone.conf file to use "localhost" instead of the hostname:

[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Does not work, but:

[database]
connection = mysql://keystone:KEYSTONE_DBPASS@localhost/keystone

Does work.

I think my MySQL permissions are correct, but something's broken, so they might not be. Here is the output from the MySQL database for users and the keystone privileges:

+----------+------------+
| user     | host       |
+----------+------------+
| keystone | %          |
| root     | 127.0.0.1  |
| root     | controller |
| keystone | localhost  |
| root     | localhost  |
+----------+------------+
5 rows in set (0.01 sec)

mysql> show grants for 'keystone'@'%';
+---------------------------------------------------------------------------------------------------------+
| Grants for keystone@%                                                                                   |
+---------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*442DFE587A8B6BE1E9538855E8187C1EFB863A73' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%'                                                  |
+---------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'keystone'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for keystone@localhost                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'localhost' IDENTIFIED BY PASSWORD '*442DFE587A8B6BE1E9538855E8187C1EFB863A73' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'localhost'                                                  |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

And here are some relevant lines from the /etc/my.cnf file:

symbolic-links=0
bind-address = 10.11.21.159
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Does anyone know what I'm doing wrong?

What output can I provide that will help resolve the issue?

Thanks in advance.

(Edit) I figured out the answer with the help of a coworker, but do not have enough reputation to select my answer as THE answer. It is listed below.

edit retag flag offensive close merge delete
add a comment

5 answers

Sort by ยป oldest newest most voted
1

answered 2016-06-24 05:17:07 -0600

nareng gravatar image

please check it once if error

netstat -tunap| grep 3306

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN

if the output is this do below

comment the /etc/mysql/mariadb.conf.d/50-server.cnf

# bind-address =127.0.0.1

edit flag offensive delete link more

Comments

for me I had to comment the line into

/etc/mysql/mariadb.conf.d/mysqld.cnf

Amyway it worked

turnab gravatar imageturnab ( 2016-07-19 10:11:41 -0600 )edit
add a comment
0

answered 2017-11-28 13:09:04 -0600

OpenStack gravatar image

someone please share documentation for Newton installation. When I'm trying to sych SQL database with keystone by using command su -s /bin/sh -c "keystone-manage db_sync" keystone its giveing error message as Authentication failure. Need quick results as I'm working on it for my masters project.

edit flag offensive delete link more
add a comment
0

answered 2017-02-23 06:04:44 -0600

hkml2000 gravatar image

Hi!

if the password of mysql keystone user contains special char, then you have to encode the password

you can use this tool

http://meyerweb.com/eric/tools/dencoder/

edit flag offensive delete link more

Comments

The final breakthrough - after commenting the bind-address 127.0.0.1 (localhost) in the my.cnf-file && setting the bind-address(uncommented) to 0.0.0.0 - was the change of my password to one without special characters which you suggested to be encoded. Maybe I'll play around with utf-8 in the my.cnf

Robert Wolf gravatar imageRobert Wolf ( 2018-05-13 12:48:15 -0600 )edit
add a comment
0

answered 2015-04-20 16:24:05 -0600

Locane gravatar image

I figured it out.

My /etc/hosts file was not configured properly to resolve my hostname.

Previously, it was:

127.0.0.1 controller
::1 controller

And it needed to be:

127.0.0.1 localhost
::1 localhost
10.11.21.159 controller

Where 10.11.21.159 is the machine's IP.

edit flag offensive delete link more
add a comment
0

answered 2015-04-20 06:47:37 -0600

Poonam Agarwal gravatar image

Can you please confirm whether your mysql is binding only to localhost ?

netstat -tunap| grep 3306

Also the bind address in /etc/mysql/my.cnf should be as below :

bind-address            = 0.0.0.0

Change mysql to not bind only to localhost by adding above and restart mysql. That should probably resolve your problem.

edit flag offensive delete link more

Comments

Thanks for your reply Poonam!

Locane gravatar imageLocane ( 2015-04-20 16:24:40 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-04-17 21:12:20 -0600

Seen: 8,310 times

Last updated: Jun 24 '16

Related questions

trouble migrating keystone database from juno to mitaka

packstack installation fails with mysql access denied error

keystone_manage db_sync keystone fails on kilo in CentOS 7.1

ERROR 1045 (28000): Access denied for user

Is rally identity v3 compatible?

MySQL count and comparison inside trigger

Problem with Keystone and Active Directory

Glance, nova not working with keystone on SSL

conflict occurred attempting to store project

Register Designate with Keystone