Ask Your Question
1

HTTP 500 error while installing the keystone identity service (Mitaka)

asked 2016-07-19 18:46:36 -0500

Vijayuppala gravatar image

I'm trying to install the Mitaka and struck at the keystone identity service (http://docs.openstack.org/mitaka/inst... )

Below is my configuration

i created the keystone DB in mysql

[root@controller keystone]# mysql -u root -p 
Enter password: 
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 63 Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | keystone | | mysql | | performance_schema | | test | +--------------------+ 5 rows in set (0.00 sec)

MariaDB [(none)]>

This is how my keystone.conf file looks like

[root@controller keystone]# grep ^[^#] /etc/keystone/keystone.conf 
[DEFAULT] admin_token = b9a95be763c7bf6cce1a 
[assignment] 
[auth] 
[cache] 
[catalog] 
[cors]
[cors.subdomain] 
[credential] 
[database] 
connection = mysql+pymysql://keystone:keystone123@controller/keystone 
[domain_config] 
[endpoint_filter] 
[endpoint_policy] 
[eventlet_server] 
[eventlet_server_ssl] 
[federation] 
[fernet_tokens] 
[identity] 
[identity_mapping] 
[kvs] 
[ldap] 
[matchmaker_redis] 
[memcache] 
[oauth1] 
[os_inherit] 
[oslo_messaging_amqp] 
[oslo_messaging_notifications] 
[oslo_messaging_rabbit] 
[oslo_middleware] 
[oslo_policy] 
[paste_deploy] 
[policy] 
[resource] 
[revoke] 
[role] 
[saml] 
[shadow_users]
[signing] 
[ssl] 
[token] 
provider = fernet 
[tokenless_auth] 
[trust]

And finally these are the exported values

[root@controller ~]# echo $OS_TOKEN 
b9a95be763c7bf6cce1a 
[root@controller ~]# more /etc/keystone/keystone.conf | grep admin_token
        None, the value is ignored and the admin_token log in mechanism is
        effectively disabled. To completely disable admin_token in production

        admin_token = b9a95be763c7bf6cce1a 
[root@controller ~]# echo $OS_URL 
http://controller:35357/v3 
[root@controller ~]# echo $OS_IDENTITY_API_VERSION 
3

Everything looks good in the keystone.conf file and the export values match as well but i still get the HTTP 500 error

[root@controller ~]# openstack service create \

    --name keystone --description "OpenStack Identity" identity An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-56b3b078-0978-4e69-886c-570ebb333ae0)

I dropped the keystone db and tried again several times but the same result. i just found out that the su -s /bin/sh -c "keystone-manage db_sync" keystone command is not populating the tables in the keystone db

MariaDB [keystone]> show tables; Empty set (0.00 sec)

MariaDB [keystone]>

Could this be the problem?

Thank You Vijay Uppala

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2016-07-19 23:50:51 -0500

The keystone-manage db_sync will populate the database. Your grant privileges failed to apply on the keystone database or did not have the same user password used in the keystone.conf connection value (in your case: keystone123). Reissue the grant commands on the keystone database:
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone123';
grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone123';
Then try to populate the database;

edit flag offensive delete link more

Comments

today, I was also seeing the issue of no tables. Reissued the grant commands. Now the identity service creation went though fine.

Maruthi gravatar imageMaruthi ( 2016-07-20 02:23:11 -0500 )edit

Barry, thank you for the response. I issued the grant privileges commands multiple times and then tried to sync the db but it still doesnt work.

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 11:55:13 -0500 )edit

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone123'; Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone123';
Query OK, 0 rows affected (0.00 sec)
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 11:57:50 -0500 )edit

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

MariaDB [(none)]> use keystone
Database changed
MariaDB [keystone]> show tables;
Empty set (0.00 sec)
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 11:58:47 -0500 )edit

Is there something else i'm missing?

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 12:01:48 -0500 )edit

If the connection value in keystone.conf is connection = mysql+pymysql://keystone:keystone123@controller/keystoneand grant commands are grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone123'and controller name resolves to ip address of controller, db_sync works.

barry.davis gravatar imagebarry.davis ( 2016-07-20 12:06:33 -0500 )edit

Thats what puzzles me. Controller resolves to the correct IP [root@controller ~]# ping controller PING controller (192.168.56.102) 56(84) bytes of data. 64 bytes from controller (192.168.56.102): icmp_seq=1 ttl=64 time=0.043 ms

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 12:34:37 -0500 )edit

I even tried replacing the controller with the IP and it still doesnt work.

connection = mysql://keystone:keystone123@192.168.56.102/keystone

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 12:35:44 -0500 )edit

You meant mysql+pymysql... Correct? Also in keystone.conf admin_token is on a newline under [DEFAULT] section, correct?

barry.davis gravatar imagebarry.davis ( 2016-07-20 12:41:41 -0500 )edit

yes..i tried both mysql and also mysql+pymysql. the admin_token is on a new line under the [DEFAULT] section

[DEFAULT]
admin_token = b9a95be763c7bf6cce1a
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 12:47:37 -0500 )edit

Please post the output of ss -tul | grep mysql

barry.davis gravatar imagebarry.davis ( 2016-07-20 12:58:39 -0500 )edit

[root@controller keystone]# ss -tul | grep mysql tcp LISTEN 0 80 :::mysql :::*

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 13:03:03 -0500 )edit

Please post the output of cat /etc/my.cnf.d/openstack.cnf

barry.davis gravatar imagebarry.davis ( 2016-07-20 13:09:27 -0500 )edit

[root@controller keystone]# cat /etc/my.cnf.d/openstack.conf

[mysqld]
bind-address = 192.168.56.102
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 13:11:18 -0500 )edit

mysql would normally bind to the ipv4 ip address of the controller (192.168.56.102), yours is not. Have you tried to restart the mysql database (mariadb in RHEL/CentOS)?

barry.davis gravatar imagebarry.davis ( 2016-07-20 13:24:38 -0500 )edit

I just restarted the mariadb (i'm using CentOS). I see it is bind to the controller IP (192.168.56.102) truncated output of

[root@controller keystone]# tail -f /var/log/mariadb/mariadb.log 
2016-07-20 11:33:42 139827824461952 [Note] Server socket created on IP: '192.168.56.102'.
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 13:38:24 -0500 )edit

After running db_sync, what is reported in /var/log/keystone/keystone.log?

barry.davis gravatar imagebarry.davis ( 2016-07-20 13:42:04 -0500 )edit

I see a lot of errors and this looks like the main culprit

2016-07-20 11:45:57.171 16376 ERROR keystone OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'controller' (using password: YES)")
Vijayuppala gravatar imageVijayuppala ( 2016-07-20 13:48:16 -0500 )edit

Should be 'keystone'@'localhost'. Please post output of cat /etc/hosts

barry.davis gravatar imagebarry.davis ( 2016-07-20 13:50:47 -0500 )edit

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

controller

192.168.56.102 controller

compute1

192.168.56.101 compute1

Vijayuppala gravatar imageVijayuppala ( 2016-07-20 13:55:04 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-07-19 18:46:36 -0500

Seen: 631 times

Last updated: Jul 19 '16