Unable to start keystone
I have installed openstack mitaka using packstack installation on centos 7 by following the steps mentioned here
Now when i check the openstack-status, i see that the keystone service has failed to start. FYI,
[root@set-compute ~(keystone_admin)]# systemctl status openstack-keystone
● openstack-keystone.service - OpenStack Identity Service (code-named Keystone)
Loaded: loaded (/usr/lib/systemd/system/openstack-keystone.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Thu 2016-04-21 16:58:18 IST; 5h 49min ago
Main PID: 32976 (code=exited, status=1/FAILURE)
Apr 21 16:58:18 set-compute systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone).
Apr 21 16:58:18 set-compute systemd[1]: Unit openstack-keystone.service entered failed state.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service failed.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service holdoff time over, scheduling restart.
Apr 21 16:58:18 set-compute systemd[1]: start request repeated too quickly for openstack-keystone.service
Apr 21 16:58:18 set-compute systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone).
Apr 21 16:58:18 set-compute systemd[1]: Unit openstack-keystone.service entered failed state.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service failed.
even openstack-status confirms this
[root@set-compute ~(keystone_admin)]# openstack-status
== Nova services ==
openstack-nova-api: active
openstack-nova-compute: active
openstack-nova-network: inactive (disabled on boot)
openstack-nova-scheduler: active
openstack-nova-cert: active
openstack-nova-conductor: active
openstack-nova-console: active
openstack-nova-consoleauth: active
openstack-nova-xvpvncproxy: active
== Glance services ==
openstack-glance-api: active
openstack-glance-registry: active
== Keystone service ==
openstack-keystone: failed
== Horizon service ==
openstack-dashboard: 502
But i am able to create instances, upload images etc. which surprises me because from what i know, each service has to get an authentication token from the keystone as soon as the service receives and API request. So if the keystone service is not running, how come are other services like creation of instances working fine. Would any one bother to explain. Even links to explanation would work.
These information might interest you.
/etc/keystone/keystone.conf
[root@set-compute ~(keystone_admin)]# grep -v -e^# -e ^$ /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ca7172741569472e8d258ae5aedbaf74
debug = False
log_dir = /var/log/keystone
public_port=5000
admin_bind_host=0.0.0.0
public_bind_host=0.0.0.0
admin_port=35357
[assignment]
[auth]
[cache]
[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = sql
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone_admin:c034c5a9cfba44f1@172.19.18.1/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
public_workers = 24
admin_workers = 24
[eventlet_server_ssl]
[federation]
[fernet_tokens]
key_repository = /etc/keystone/fernet-keys
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_ha_queues = False
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
[role]
[saml]
[shadow_users]
[signing]
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem
key_size = 2048
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
[ssl]
enable=False
[token]
expiration = 3600
provider = fernet
driver = sql
revoke_by_id = True
[tokenless_auth]
[trust]
Also when i check this o/p i see many process for keystone running. Here is an abridged output.
[root@set-compute ~(keystone_admin)]# ps -ef | grep keystone
root 6134 ...
What is value CONFIG_KEYSTONE_SERVICE_NAME= ? in your answer-file.
yes it is httpd, the explanation of eduardo helps. Thanks for your assistance too. :-)
Hey dbaxps, Could you please have a look at this issue and maybe suggest something. https://ask.openstack.org/en/question...