Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Unable to start keystone

I have installed openstack mitaka using packstack installation on centos 7 by following the steps mentioned here

Now when i check the openstack-status, i see that the keystone service has failed to start. FYI,

[root@set-compute ~(keystone_admin)]# systemctl status openstack-keystone
‚óŹ openstack-keystone.service - OpenStack Identity Service (code-named Keystone)
   Loaded: loaded (/usr/lib/systemd/system/openstack-keystone.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Thu 2016-04-21 16:58:18 IST; 5h 49min ago
 Main PID: 32976 (code=exited, status=1/FAILURE)

Apr 21 16:58:18 set-compute systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone).
Apr 21 16:58:18 set-compute systemd[1]: Unit openstack-keystone.service entered failed state.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service failed.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service holdoff time over, scheduling restart.
Apr 21 16:58:18 set-compute systemd[1]: start request repeated too quickly for openstack-keystone.service
Apr 21 16:58:18 set-compute systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone).
Apr 21 16:58:18 set-compute systemd[1]: Unit openstack-keystone.service entered failed state.
Apr 21 16:58:18 set-compute systemd[1]: openstack-keystone.service failed.

even openstack-status confirms this

[root@set-compute ~(keystone_admin)]# openstack-status
== Nova services ==
openstack-nova-api:                     active
openstack-nova-compute:                 active
openstack-nova-network:                 inactive  (disabled on boot)
openstack-nova-scheduler:               active
openstack-nova-cert:                    active
openstack-nova-conductor:               active
openstack-nova-console:                 active
openstack-nova-consoleauth:             active
openstack-nova-xvpvncproxy:             active
== Glance services ==
openstack-glance-api:                   active
openstack-glance-registry:              active
== Keystone service ==
openstack-keystone:                     failed
== Horizon service ==
openstack-dashboard:                    502

But i am able to create instances, upload images etc. which surprises me because from what i know, each service has to get an authentication token from the keystone as soon as the service receives and API request. So if the keystone service is not running, how come are other services like creation of instances working fine. Would any one bother to explain. Even links to explanation would work.

These information might interest you.

/etc/keystone/keystone.conf

[root@set-compute ~(keystone_admin)]# grep -v -e^# -e ^$ /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ca7172741569472e8d258ae5aedbaf74
debug = False
log_dir = /var/log/keystone
public_port=5000
admin_bind_host=0.0.0.0
public_bind_host=0.0.0.0
admin_port=35357
[assignment]
[auth]
[cache]
[catalog]
template_file = /etc/keystone/default_catalog.templates
driver = sql
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone_admin:c034c5a9cfba44f1@172.19.18.1/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
public_workers = 24
admin_workers = 24
[eventlet_server_ssl]
[federation]
[fernet_tokens]
key_repository = /etc/keystone/fernet-keys
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_ha_queues = False
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
[role]
[saml]
[shadow_users]
[signing]
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem
key_size = 2048
cert_subject = /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
[ssl]
enable=False
[token]
expiration = 3600
provider = fernet
driver = sql
revoke_by_id = True
[tokenless_auth]
[trust]

Also when i check this o/p i see many process for keystone running. Here is an abridged output.

[root@set-compute ~(keystone_admin)]# ps -ef | grep keystone
root      6134 48045  0 22:57 pts/0    00:00:00 grep --color=auto keystone
keystone 13614 12816  0 Apr20 ?        00:01:33 keystone-admin  -DFOREGROUND
keystone 13615 12816  0 Apr20 ?        00:01:35 keystone-admin  -DFOREGROUND
keystone 13721 12816  0 Apr20 ?        00:01:30 keystone-admin  -DFOREGROUND
keystone 13722 12816  0 Apr20 ?        00:01:16 keystone-admin  -DFOREGROUND
keystone 13723 12816  0 Apr20 ?        00:01:32 keystone-admin  -DFOREGROUND
keystone 13738 12816  0 Apr20 ?        00:01:24 keystone-admin  -DFOREGROUND
keystone 13751 12816  0 Apr20 ?        00:01:32 keystone-admin  -DFOREGROUND
keystone 13936 12816  0 Apr20 ?        00:01:30 keystone-admin  -DFOREGROUND
keystone 13963 12816  0 Apr20 ?        00:01:35 keystone-admin  -DFOREGROUND
keystone 13970 12816  0 Apr20 ?        00:01:32 keystone-admin  -DFOREGROUND

Also many instance of httpd process,

[root@set-compute ~(keystone_admin)]# ps -ef | grep httpd | wc -l
68
[root@set-compute ~(keystone_admin)]# ps -ef | grep httpd
root      6564 48045  0 23:00 pts/0    00:00:00 grep --color=auto httpd
root     12816     1  0 Apr20 ?        00:00:18 /usr/sbin/httpd -DFOREGROUND
aodh     13242 12816  0 Apr20 ?        00:00:05 /usr/sbin/httpd -DFOREGROUND
aodh     13243 12816  0 Apr20 ?        00:00:05 /usr/sbin/httpd -DFOREGROUND

Would someone kindly help me explain this.