Ask Your Question

How to resolve keystone error

asked 2013-12-29 16:21:48 -0500

esarakaitis gravatar image

updated 2014-07-31 18:43:48 -0500

smaffulli gravatar image

Having multiple issues, currently stuck on this:

ERROR : Error appeared during Puppet run: 
Error: /Stage[main]/Neutron::Keystone::Auth/Keystone_user[neutron]:
Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url
token-get' returned 1: The request you have made requires authentication. (HTTP 401)

I've already searched the forums, but cannot seem to find a resolution

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2014-05-26 05:55:20 -0500

vyom gravatar image


This is quite old, but I hit the very same issue, when I tried to _change the passwords_ in the _answers_ file of packstack. Though I changed the passwords in the _answers_ file as well as in the .conf files of all the services, the keystone would have the generated _tokens_ and passwords for all services, persisted the DB. So I did the following:

$ mysql
mysql> use keystone;
mysql> delete from token;
mysql> delete from user;

and then

$ packstack --answers-file=<the-same-answers-file>

And, I was able to get the auth happen, and all services up and running as before.

edit flag offensive delete link more


Helped me too, thanks

dgonzalezh gravatar imagedgonzalezh ( 2015-07-29 09:23:19 -0500 )edit

answered 2013-12-30 13:32:24 -0500

SamYaple gravatar image

updated 2013-12-30 13:32:50 -0500

I can't help you solve anything puppet specific, but 401 is a lack of authorization. I can tell you that unless your other variables are set in the environment, /usr/bin/keystone --os-auth-url token-get will always return 401. You need to provide at _least_ the keystone service token. If you don't use the token (which actually bypasses authentication), you have to provide username, password, and tenant.

It looks like you are setting up neutron. If it is being setup on a separate node, you need to change to point to the keystone server.

A proper keystone command (excluding environment variables) looks like this:

/usr/bin/keystone --os-username admin --os-password password --os-tenant-name demo --os-auth-url token-get


/usr/bin/keystone --os-token supersecrettoken --os-auth-url token-get
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2013-12-29 16:21:48 -0500

Seen: 7,720 times

Last updated: Jul 31 '14