Revision history [back]

click to hide/show revision 1
initial version

Keystone Unable to Establish Connection

Hello everyone. I'd like to provide you with a very clear concise description of what I have set up, so there is no ambiuguity.

I have 1 single server, with 1 active network interface. I'm running OpenSuSE 13.1. I'm trying to install Openstack-keystone. I have the option of running through a proxy, but at the moment, I have it set to disabled in /etc/sysconfig/proxy. My export list has no proxy variables set. but I did have a no_proxy="localhost,, <myip" variable="" set="" at="" one="" time="" during="" testing.="" <="" p="">

Ok, so with that background, onto my problem. I have set up openstack-keystone, mysql-python (which uses mariadb)

My first issue is this when I start keystone I get this output:

Loaded: loaded (/etc/init.d/openstack-keystone) Active: active (exited) since Tue 2015-02-17 04:44:02 EST; 7min ago Process: 4262 ExecStop=/etc/init.d/openstack-keystone stop (code=exited, status=0/SUCCESS) Process: 4272 ExecStart=/etc/init.d/openstack-keystone start (code=exited, status=0/SUCCESS)

The status is Active (Exited). As opposed to other processes that have Active (running). I thought this may be normal, but in running netstat -atp or netstat -tulpen I see nothing that shows that the keystone process is listening for connections. My /etc/keystone/keystone.conf (which i'll post shortly) has it's bind address to and it listening on ports 35357 and 5000.

Yet when I go to run or start openstack-keystone, while it recieves a real process ID, it shows no listening port. I've grepped for it, and everything. There is nothing listening on 35357 or 5000. Now before this issue comes up, I have opened up the ports in SuSEfirewall. In fact, I actually disabled the entire firewall itself, unloaded all rules. Currently, the system is wide open, no firewall rules exist.

So this leads to the next issue. I'm not sure if they are related. After I even start openstack-keystone (when it is in active (exited)), I try to connect to the mysql database. From the terminal i can issue 'mysql -u root -p" and enter the database no problem. In fact, I ran a keystone-manage db_sync keystone, and it populated the keystone table with 18 entries. So I'm assuming that all is correct....

The problem is when I take it a step further. I use the command 'keystone tenant-create --name admin --description 'admin-tenant'

This is where things get really hairy. The error I'm getting is:

Unable to establish connection to

That's the error I receive if I set the OS_SERVICE_ENDPOINT equal to I've tried many options such as localhost, controller, and my own interface's IP address. The results are the same. It is unable to establish a connection. I can only assume this is linked to the fact that I see nothing listening on ports 35357 and 5000.

Also as a bit of self troubleshooting, I tried to telnet to the two ports such as: telnet 35357 or telnet 5000 Both attempts give me back: telnet: connect to address Connection refused

So I think there is little doubt that something is amiss here in the way of networking.

Like I said, I have one physical interface.

Now prior to this point I was using this for my OS Endpoint and Auth URL: export OS_SERVICE_ENDPOINT= export OS_AUTH_URL=

Note the port numbers... Because I saw nothing listening on those ports, I figured, why not experiment and try to use the mysql port number of 3306. So I changed them to this:


I restarted keystone, and tried the netstat, still no 35357 or 5000 port, but 3306 from mysqld was listening, so I tried to use one of the keystone commands that requires a connection to the mysql database apparently. I did a --debug to get some extra output, and I receieved this:

keystone --debug user-list

RESP: [200] CaseInsensitiveDict({}) RESP BODY: R 5.5.33-MariaDB.Y:Uz(VY<˙÷! _I0Q)t2;n:vdmysql_native_password!˙�#08S01Got packets out of order

Could not decode JSON from body: R

'NoneType' object has no attribute '__getitem__'

SO! I got a response from mariadb (mysql) of 200 (OK), but I'm now getting an error about a mis-set attribute or JSON error... And now... alas I'm stuck..I have absolutely no idea how to go forward.

I'll post parts of my /etc/keystone/keystone.conf file for vetting...

A question about the /etc/keystone/keystone.conf I have as well is should I remove or comment out the default line: connection = sqlite:////var/lib/keystone/keystone.db

Currently I have this line commented out, and replaced with:

connection = mysql://keystone:key_password@


verbose = True log_file = keystone.log log_dir = /var/log/keystone

A "shared secret" between keystone and other openstack services

admin_token =63d9bcc957b5bc12c568

The IP address of the network interface to listen on

bind_host =

The port number which the public service listens on

public_port = 5000

The port number which the public admin listens on

admin_port = 35357

The base endpoint URLs for keystone that are advertised to clients

(NOTE: this does NOT affect how keystone listens for connections)

public_endpoint = http://localhost:%(3306)s/ admin_endpoint = http://localhost:%(3306)s/

The port number which the OpenStack Compute service listens on

compute_port = 8774

Path to your policy definition containing identity actions

policy_file = policy.json

Rule to check if no matching policy definition is found

FIXME(dolph): This should really be defined as [policy] default_rule

policy_default_rule = admin_required

Oh and one last thing, upon tailing out my /var/log/keystone/keystone.conf, I see this repeated message:

TRACE keystone TypeError: coercing to Unicode: need string or buffer, NoneType found

Not sure if this is vital...but this is everything I know and could find... I know this is a lot of crap to go over, but does anyone have any suggestions, help for this? Any idea's? Is it a python issue? a mysql issue? keystone? Thanks in advance guys.