Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

keystone federation extension causes ArgsAlreadyParsedError

Hi, hopefully someone will understand what is going on with my keystone server. I am running Juno on CentOS 6.5 and have just moved keystone 2014.2.2 to httpd, I followed the openstack documentation for this and everything worked fine.

I linked the keystone.wsgi from /usr/share/kestone to /var/www/cgi-bin/keystone/admin & main and then created the virtual host:

Listen 5000
Listen 35357

WSGIDaemonProcess keystone user=keystone group=keystone processes=3 threads=10

<Virtualhost *:5000>
    LogLevel  info
    ErrorLog  /var/log/keystone/keystone-apache-error.log
    CustomLog /var/log/keystone/ssl_access.log combined
    Options +FollowSymLinks

#SSLEngine on
#SSLCertificateFile /etc/ssl/certs/mycert.pem
#SSLCertificateKeyFile /etc/ssl/private/mycert.key
#SSLVerifyClient optional
#SSLVerifyDepth 10
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
#SSLOptions +StdEnvVars +ExportCertData

    WSGIScriptAlias /  /var/www/cgi-bin/keystone/main
    WSGIProcessGroup keystone
</VirtualHost>

<VirtualHost *:35357>
    LogLevel  info
    ErrorLog  /var/log/keystone/keystone-apache-error.log
    CustomLog /var/log/keystone/ssl_access.log combined
    Options +FollowSymLinks

#SSLEngine on
#SSLCertificateFile /etc/ssl/certs/mycert.pem
#SSLCertificateKeyFile /etc/ssl/private/mycert.key
#SSLVerifyClient optional
#SSLVerifyDepth 10
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
#SSLOptions +StdEnvVars +ExportCertData

    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIProcessGroup keystone
</VirtualHost>
~

I configured the virtual host and stopped the openstack-keystone service the restarted httpd and keystone become available as WSGI

after this I ran a few tests, wget, curl, keystone clinet commands, all is working fine. now I want to enable the federation extension so I can authenticate with saml2

I am following the guide here http://docs.openstack.org/developer/keystone/extensions/federation.html

as soon as I add in federation_extension as per the guide I get service unavailable erro 500, here is the log once the extension is enabled: i

mod_wsgi (pid=30034): Target WSGI script '/var/www/cgi-bin/keystone/admin' cannot be loaded as Python module.
mod_wsgi (pid=30034): Exception occurred processing WSGI script '/var/www/cgi-bin/keystone/admin'.
 Traceback (most recent call last):
   File "/var/www/cgi-bin/keystone/admin", line 39, in <module>
     config.configure()
   File "/usr/lib/python2.6/site-packages/keystone/common/config.py", line 968, in configure
    help='Do not monkey-patch threading system modules.'))
   File "/usr/lib/python2.6/site-packages/oslo_config/cfg.py", line 1679, in __inner
     result = f(self, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/oslo_config/cfg.py", line 1852, in register_cli_opt
     raise ArgsAlreadyParsedError("cannot register CLI option")
 ArgsAlreadyParsedError: arguments already parsed: cannot register CLI option
 mod_wsgi (pid=30036, process='keystone', application='node-55:35357|'): Loading WSGI script '/var/www/cgi-bin/keystone/admin'.
s loaded:

here is the keystone admin wsgi from CentOS 6.5

# Copyright 2013 OpenStack Foundation
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import logging
import os

from oslo import i18n


# NOTE(dstanek): i18n.enable_lazy() must be called before
# keystone.i18n._() is called to ensure it has the desired lazy lookup
# behavior. This includes cases, like keystone.exceptions, where
# keystone.i18n._() is called at import time.
i18n.enable_lazy()


from keystone import backends
from keystone.common import dependency
from keystone.common import environment
from keystone.common import sql
from keystone import config
from keystone.openstack.common import log
from keystone import service


CONF = config.CONF

config.configure()
sql.initialize()
config.set_default_for_default_log_levels()

CONF(project='keystone')
config.setup_logging()

environment.use_stdlib()
name = os.path.basename(__file__)

if CONF.debug:
    CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)


drivers = backends.load_backends()

# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
# The following is a reference to Python Paste Deploy documentation
# http://pythonpaste.org/deploy/
application = service.loadapp('config:%s' % config.find_paste_config(), name)

dependency.resolve_future_dependencies()

so everything works fine right up until I put the federation_extension in /etc/keystone-paste.ini

thanks, Rob.