Ask Your Question
2

Keystone port 5000 used by Python

asked 2015-07-11 14:13:25 -0600

mkowalski gravatar image

updated 2015-07-15 14:38:30 -0600

Hi,

I'm following official OpenStack documentation to build my first environment and got stuck in configuring Keystone (last step from http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-install.html (http://docs.openstack.org/kilo/instal...))

While trying to restart apache I get error message about port 5000 being used

 * Restarting web server apache2
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:5000
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:5000
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.

Netstat says the port is used by Python and further investigation shows it's somehow related to Keystone

/usr/bin/python /usr/bin/keystone-all --config-file=/etc/keystone/keystone.conf --log-file=/var/log/keystone/keystone.log

Which way should I take up in this situation? Reconfigure apache to use a different port, or try to deal with Python to use a different one?

EDIT

Referring to https://ask.openstack.org/en/question/47137/devstack-fails-to-start-apache2-address-already-in-use-could-not-bind-to-address/ (https://ask.openstack.org/en/question...) I modified /etc/apache2/sites-available/wsgi-keystone.conf from <VirtualHost *:5000> to <VirtualHost *:80>, but the error persisted. The message right now is

 * Restarting web server apache2
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:35357
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:35357
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.

Apache error log obviously is empty, so I cannot go there to find anything helpful.

edit retag flag offensive close merge delete

Comments

Could you please check this solution works for you?

sunnyarora gravatar imagesunnyarora ( 2015-07-14 20:30:57 -0600 )edit

Could you please try rebooting the server once..:)

Ram.Meena gravatar imageRam.Meena ( 2015-07-15 04:16:29 -0600 )edit

@Ram.Meena, of course tried it before posting here...

@sunnyarora, problem there refers to Horizon, not Keystone. Anyway I've modified wsgi-keystone.conf to make apache listen on 80 instead of 5000, but it still did not help

mkowalski gravatar imagemkowalski ( 2015-07-15 14:32:49 -0600 )edit

3 answers

Sort by ยป oldest newest most voted
1

answered 2015-07-16 02:58:56 -0600

soumitrakarmakar gravatar image

Stop the openstack-keystone service and then restart httpd service, your Openstack infra will work properly except for if you are using cinder as cinder uses api v2 and for that you would require to start the openstack-keystone service again, so the best solution is comment out the Listen 5000 Listen 35357 from /etc/httpd/conf.d/wsgi-keystone.conf

edit flag offensive delete link more

Comments

After commenting ports apache starts correctly, but does it mean I don't have Keystone service at all? I cannot run openstack service create --name keystone --description "OpenStack Identity" identity as I don't have any service on 35357. If so, how infra will work without identity service?

mkowalski gravatar imagemkowalski ( 2015-07-16 04:36:30 -0600 )edit

Check the status of your openstack-keystone service if it is disabled enable it. There is actually two way work around for it: 1. If you specify Listen 5000 or Listen 35357 in httpd, then stop openstack-keystone service as httpd will handle it. 2. Start openstack-keystone service & comment out ports

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-07-16 05:54:26 -0600 )edit

Any of the ways don't work, I'm having an ERROR: openstack Unable to establish connection to http://controller:35357/v2.0/OS-KSADM/services message when trying to openstack service create, so it's still the same situation as it was before

mkowalski gravatar imagemkowalski ( 2015-07-16 09:51:56 -0600 )edit

Did you export the OS_TOKEN and OS_URL, I suggest you follow the installation guide thoroughly.

soumitrakarmakar gravatar imagesoumitrakarmakar ( 2015-07-17 07:20:16 -0600 )edit
0

answered 2015-12-03 12:20:03 -0600

adendukuri gravatar image

OpenStack Kilo release the keystone project deprecates Eventlet in favor of a WSGI server. In Kilo release the Apache HTTP server with mod_wsgi to serve keystone requests on ports 5000 and 35357. By default, the keystone service still listens on ports 5000 and 35357. Therefore, this guide disables the keystone service.

To make this happen Openstack documentation recommends you to disable Keystone service which essentially uses python. echo "manual" > /etc/init/keystone.override then install keystone components which includes keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

If there are process from keystone using python then 1. kill those processes 2. disable keystone 3. restart the apache service.

It should work

edit flag offensive delete link more

Comments

Would echo "manual" > /etc/init/keystone.override work on centos7 or RHEL7 that use systemd instead the good old /etc/init.d?

RedCricket gravatar imageRedCricket ( 2015-12-04 12:47:05 -0600 )edit
0

answered 2016-06-23 14:24:14 -0600

hk gravatar image

In some case of openstack gives this error because port describe in file "/etc/httpd/conf.d/wsgi-keystone.conf" is same as keystone endpoint URL port. so it conflict and both keystone and httpd service not start simultaneously.

for its if you change port of keystone endpoint then you would require to change in lots of other openstack service config file

so change port 5000 to 5001 and 35357 to 35358 in file "/etc/httpd/conf.d/wsgi-keystone.conf".and reboot. then both service will work simultaneously in above file if you set to port 80 then it will conflict with "/etc/httpd/conf/httpd.conf". so kindly change as above then it work work.

edit flag offensive delete link more

Comments

hi, i have done work around as yours suggestion, later keystone authentication gets failed, Is it better to change apache2 listening port do you think ? Also tried with removing keystone.conf and remap, no luck

Maestropandy gravatar imageMaestropandy ( 2016-06-24 04:09:10 -0600 )edit

Hi maestropandy, After that change, I had verify keystone as per "http://docs.openstack.org/mitaka/install-guide-rdo/keystone-verify.html", it was working fine. also i had verify other service it were working fine. still if you could paste your log. it would better to understand.

hk gravatar imagehk ( 2016-06-24 11:04:25 -0600 )edit

hi, i have a question. your answer explain both service will work simultaneously. but next step, we use port 5000,35357 for endpoint. then, Do we need apache2??

Soondong gravatar imageSoondong ( 2016-07-10 08:45:58 -0600 )edit

hi soondong. if you won't provide extra port as my previous suggestion, still its work but you have to disable keystone service.

read second notes from ref. ref: http://docs.openstack.org/mitaka/install-guide-rdo/keystone-install.html (http://docs.openstack.org/mitaka/inst...)

hk gravatar imagehk ( 2016-07-14 15:25:28 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2015-07-11 14:13:25 -0600

Seen: 5,949 times

Last updated: Jun 23 '16