Request for help with keystone identity service

asked 2015-07-30 12:42:20 -0500

ubchaudhry gravatar image

updated 2015-07-30 12:43:51 -0500

I used the help of openstack installation guide (JUNO)(http://docs.openstack.org/juno/install-guide/install/apt/content/) released on May 10,2015. I followed each and every step as was stated in the tutorial. However, I still came across a few problems on which I have been stuck for quite some time now. I was hoping if someone could spare me a few minutes out and point me towards the right direction. I’ll explain my issues now:

After completing the initial steps, I started off as below:

# apt-get install mariadb-server python-mysqldb
# nano /etc/mysql/my.cnf
 [mysqld]
 ...
 bind-address = 10.10.10.10
 [mysqld]
 ...
 default-storage-engine = innodb
 innodb_file_per_table
 collation-server = utf8_general_ci
 init-connect = 'SET NAMES utf8'
 character-set-server = utf8
 # service mysql restart
 # mysql_secure_installation
 # apt-get install rabbitmq-server
 # rabbitmqctl change_password guest openstack  exit
 # mysql -u root -p
 > CREATE DATABASE keystone;
 > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack';
 > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack';
 > exit
 # apt-get install keystone python-keystoneclient
 # nano /etc/keystone/keystone.conf
 [DEFAULT]
 ...
 admin_token = openstack
 [database]
 ...
 connection = mysql://keystone:openstack@controller/keystone
 [token]
 ...
 provider = keystone.token.providers.uuid.Provider
 driver = keystone.token.persistence.backends.sql.Token
 [revoke]
 ...
 driver = keystone.contrib.revoke.backends.sql.Revoke
 [DEFAULT]
 ...
 verbose = True
 # keystone-manage db_sync
 # service keystone restart
 # rm -f /var/lib/keystone/keystone.db
 # export OS_SERVICE_TOKEN=openstack
 # export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
 # keystone tenant-create --name admin --description "Admin Tenant"

When I tried to create the Admin Tenant, it kept saying “Unable to establish connection to http://controller:35357/v2.0/tenants%E2%80%9D (http://controller:35357/v2.0/tenants”). I went back to the keystone.conf file and commented the following lines:

 provider = keystone.token.providers.uuid.Provider
 driver = keystone.token.persistence.backends.sql.Token
 driver = keystone.contrib.revoke.backends.sql.Revoke

It allowed me to create the tenants and move forward. Everything appeared to be popping up the way it is in the tutoria. However, when I ran the following command:

# keystone --os-tenant-name admin --os-username admin --os-password openstack --os-auth-url http://controller:35357/v2.0 token-get

The result was a continuous string of dotted/hyphen line. I tried ignoring that and the next few verification commands showed the expected output until I tried switching from the Admin tenant to demo tenant using the following command:

# keystone --os-tenant-name demo --os-username demo --os-password openstack --os-auth-url http://controller:35357/v2.0 token-get

The result is "The request you made requires authentication. HTTP(401)".

I have tried everything but I cant figure out what is wrong. It would be greatly appreciated if someone can spare me a few minutes and help me out.Hoping for an early response.

Results of the following commands are shown below. I thought it might help:

#ps -fe | grep keystone

keystone    5075    1    0    time    ?    /usr/bin/python    /usr/bin/keystone-all

root    5080    2467    0    time    tty    grep    --color=auto keystone

#ss -tlnp | grep 35357

Listen    0      128     *:35357      *:*      users:(("keystone-all" ,5075,3))

Kindly get back to me at your earliest. It would be greatly appreciated.

edit retag flag offensive close merge delete