Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

ilo on CentOS7: keystone throws http-500 except when using OS_TOKEN

I am following installation guide for Kilo release on CentOS7. First install for me. http://docs.openstack.org/kilo/install-guide/install/yum/content/keystone-verify.html

I get stuck in section 3 (add the identity service), performing the "Verify Operation" steps. All verification commands in this section throw: ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-9f065edb-b36etc.)

If I understand correctly, first I need to unconfigure the token authentication, and then fire some commands to test the password authentication.

command is: 'openstack --os-auth-url http://oscon01:35357 --os-project-name admin --os-username admin --os-auth-type password token issue --debug'

  • I have not changed keystone-paste.ini file in /etc/keystone. This file does not exist. This seems a documentation bug? (step 1)
  • I have unset the variables OS_TOKEN OS_URL (step 2)
  • After that the test commands show the behaviour with HTTP 500. (also there is a timeout, command takes 19 seconds including typing in the password)
  • Something is working though, when I provide wrong password my requests get rejected with HTTP 401
  • When I revert back to usage of the token (by setting the 2 env. variables) I can perform commands like 'openstack user list' and so on without error.

So basically token authentication seems to work. But as soon as I switch to password authentication I get HTTP 500 messages.

keystone log file: 2015-05-14 10:19:56.393 6343 INFO keystone.common.wsgi [-] GET /? 2015-05-14 10:19:56.394 6343 INFO eventlet.wsgi.server [-] 10.0.4.11 - - [14/May/2015 10:19:56] "GET / HTTP/1.1" 300 752 0.002065 2015-05-14 10:19:56.399 6343 INFO keystone.common.wsgi [-] POST /tokens? 2015-05-14 10:19:56.516 6343 INFO keystone.common.kvs.core [-] Using default dogpile sha1_mangle_key as KVS region token-driver key_mangler 2015-05-14 10:20:03.013 6343 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request. 2015-05-14 10:20:03.014 6343 INFO eventlet.wsgi.server [-] 10.0.4.11 - - [14/May/2015 10:20:03] "POST /v2.0/tokens HTTP/1.1" 500 381 6.617398 2015-05-14 10:20:03.024 6344 INFO keystone.common.wsgi [-] GET /? 2015-05-14 10:20:03.025 6344 INFO eventlet.wsgi.server [-] 10.0.4.11 - - [14/May/2015 10:20:03] "GET / HTTP/1.1" 300 752 0.004133 2015-05-14 10:20:03.061 6344 INFO keystone.common.wsgi [-] POST /tokens? 2015-05-14 10:20:03.153 6344 INFO passlib.registry [-] registered crypt handler 'sha512_crypt': <class 'passlib.handlers.sha2_crypt.sha512_crypt'=""> 2015-05-14 10:20:03.371 6344 INFO keystone.common.kvs.core [-] Using default dogpile sha1_mangle_key as KVS region token-driver key_mangler 2015-05-14 10:20:09.734 6344 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request. 2015-05-14 10:20:09.736 6344 INFO eventlet.wsgi.server [-] 10.0.4.11 - - [14/May/2015 10:20:09] "POST /v2.0/tokens HTTP/1.1" 500 381 6.707363

Any help would be great!... Kris