Ask Your Question
1

How to resolve keystone error

asked 2013-12-29 16:21:48 -0500

esarakaitis gravatar image

updated 2014-07-31 18:43:48 -0500

smaffulli gravatar image

Having multiple issues, currently stuck on this:

ERROR : Error appeared during Puppet run: 172.16.56.126_keystone.pp 
Error: /Stage[main]/Neutron::Keystone::Auth/Keystone_user[neutron]:
Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/
token-get' returned 1: The request you have made requires authentication. (HTTP 401)

I've already searched the forums, but cannot seem to find a resolution

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-05-26 05:55:20 -0500

vyom gravatar image

Hello,

This is quite old, but I hit the very same issue, when I tried to _change the passwords_ in the _answers_ file of packstack. Though I changed the passwords in the _answers_ file as well as in the .conf files of all the services, the keystone would have the generated _tokens_ and passwords for all services, persisted the DB. So I did the following:

$ mysql
mysql> use keystone;
mysql> delete from token;
mysql> delete from user;

and then

$ packstack --answers-file=<the-same-answers-file>

And, I was able to get the auth happen, and all services up and running as before.

edit flag offensive delete link more

Comments

Helped me too, thanks

dgonzalezh gravatar imagedgonzalezh ( 2015-07-29 09:23:19 -0500 )edit
2

answered 2013-12-30 13:32:24 -0500

SamYaple gravatar image

updated 2013-12-30 13:32:50 -0500

I can't help you solve anything puppet specific, but 401 is a lack of authorization. I can tell you that unless your other variables are set in the environment, /usr/bin/keystone --os-auth-url http://127.0.0.1:35357/v2.0/ token-get will always return 401. You need to provide at _least_ the keystone service token. If you don't use the token (which actually bypasses authentication), you have to provide username, password, and tenant.

It looks like you are setting up neutron. If it is being setup on a separate node, you need to change 127.0.0.1 to point to the keystone server.

A proper keystone command (excluding environment variables) looks like this:

/usr/bin/keystone --os-username admin --os-password password --os-tenant-name demo --os-auth-url http://127.0.0.1:35357/v2.0/ token-get

or

/usr/bin/keystone --os-token supersecrettoken --os-auth-url http://127.0.0.1:35357/v2.0/ token-get
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-12-29 16:21:48 -0500

Seen: 7,301 times

Last updated: Jul 31 '14