2015-11-01 00:07:16 -0500 asked a question Which table in keystone databases is used for storing keystone users?

Hello, I am looking for the table in which keystone stores the keystone username and password. I wanted to see whether passwords are plaintext or encrypted.

The user table has the following content. Am I using the wrong query here?

keystone=> SELECT * FROM user;
2015-11-01 00:02:38 -0500 asked a question Which ssl library is used by Keystone on Redhat for ssl and signing support?

Hello, which ssl library is used by Keystone on Redhat for ssl and signing support? Does it internally use openssl? Also, which ssl versions does keystone support for signing and ssl?

I am not able to locate the above information in the keystone documentation. If there is any official page for the above information, please let me know.

Yes, I have seen this webpage. But the keystone documentation says it supports PAM officially, and also backend code contains file. So as per my understanding the pam code is there and it is supported as per the documentation.

I want to enable supported pam functionality with keystone instead of adding new code or custom backend.

2014-08-04 11:41:38 -0500 asked a question How to enable pam authentication with keystone?

I want to explore keystone with system pam. I am not able to locate any help for keystone with PAM. Also, I wanted to know what things are possible when keystone is configured with PAM.

2014-08-04 11:33:45 -0500 commented answer keystone is not working after moving to v2 from v3.

Thank you for the answer. It worked after changing the url to

It does not work with port number 5000. Hence I changed the port number to 35357 in the url. After that it worked.

2014-08-04 11:19:55 -0500 asked a question keystone is not working after moving to v2 from v3.

Hello, I had a working setup of keystone V2. Then I moved to V3 on the same setup for some exploration. Now that I have moved to V2 again, I am getting the following error during user/tenant create/list:

[root@swiftProxyNode tmp]# keystone --debug  user-create --name admin --pass Passw0rd
REQ: curl -i -X POST -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 71da1713141f49744207"
REQ BODY: {"user": {"email": null, "password": "Passw0rd", "enabled": true, "name": "admin", "tenantId": null}}

RESP: [404] {'date': 'Mon, 04 Aug 2014 04:02:05 GMT', 'content-type': 'application/json', 'content-length': '93', 'vary': 'X-Auth-Token'}
RESP BODY: {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

Request returned failure status: 404
The resource could not be found. (HTTP 404)

Logs from /var/log/keystone/keystone.log

2014-08-04 09:32:05.225 22187 DEBUG routes.middleware [-] No route matched for POST /v2/users __call__ /usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/
2014-08-04 09:32:05.226 22187 INFO access [-] - - [04/Aug/2014:04:02:05 +0000] "POST HTTP/1.0" 404 93
2014-08-04 09:32:05.227 22187 INFO eventlet.wsgi.server [-] - - [04/Aug/2014 09:32:05] "POST /v2/users HTTP/1.1" 404 228 0.002062

2014-08-04 09:42:56.353 22187 DEBUG routes.middleware [-] No route matched for GET /v2/users __call__ /usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/
2014-08-04 09:42:56.354 22187 INFO access [-] - - [04/Aug/2014:04:12:56 +0000] "GET HTTP/1.0" 404 93
2014-08-04 09:42:56.355 22187 INFO eventlet.wsgi.server [-] - - [04/Aug/2014 09:42:56] "GET /v2/users HTTP/1.1" 404 228 0.001971

I even tried creating the keystone database again, but no luck. Any idea what I am missing here?

What issues should one expect if the same keystone database is being used with two or more keystone servers?

The aim of this configuration is to achieve high availability for keystone. In this configuration I am planning to install a single mysql server and multiple keystone servers; all keystone servers will point to the same keystone database.

Does openstack support such a configuration?

Will there be data corruption because two keystone servers are writing to the same db?

2014-07-21 07:55:47 -0500 commented answer Is there keystone client available for keystone V3 api?

Thank you for the detailed answer. I was looking for a keystone command line client for V3. As you mentioned, it is not there. My final aim is to configure swift with keystone v3. Before that, I was trying to get familiar with keystone v3.

2014-07-21 05:07:18 -0500 asked a question Is there keystone client available for keystone V3 api?

I am trying to use the keystone v3 api. My default keystone client is not working with it. Does a v3 keystone client exist? What are the different ways to use keystone v3 other than curl?

2014-07-11 06:27:00 -0500 answered a question Keystone LDAP configuration

Hello, even if you set the following attributes to False in keystone.conf, keystone is still able to update the ldap database if you do user-role-add.


user_allow_create = False
user_allow_update = False
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
tenant_allow_delete = False
role_allow_create = False
role_allow_update = False
role_allow_delete = False

One possible solution to block keystone from updating ldap is to provide an ldap admin user in keystone.conf who has only read access to ldap.


query_scope = sub
url = ldap://
user = cn=admin,dc=keystoneldap,dc=com
password = secret

You should make sure that the user "cn=admin,dc=keystoneldap,dc=com" has only read access to ldap. This can be achieved by using an acl on the ldap server.

Hope this is useful.
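
A static check for the point made in the answer above, as an added example that is not part of the original answer or of keystone: it reads the `[ldap]` section of a keystone.conf, reports any of the nine write switches that are not `False`, and always reports the bind DN as needing a read-only ACL check on the LDAP server. The `[ldap]` section name, the `True` fallback for unset switches, the function name and the sample host are assumptions.

```python
import configparser

# The nine write switches listed in the answer above.
WRITE_FLAGS = [f"{obj}_allow_{op}"
               for obj in ("user", "tenant", "role")
               for op in ("create", "update", "delete")]

# Constructed sample keystone.conf; host and password are placeholders.
SAMPLE_CONF = """
[ldap]
url = ldap://ldap.example.test
user = cn=admin,dc=keystoneldap,dc=com
password = secret
user_allow_create = False
user_allow_update = false
user_allow_delete = False
tenant_allow_create = False
tenant_allow_update = False
role_allow_create = True
role_allow_update = False
role_allow_delete = False
"""

def audit_ldap_section(conf_text):
    """Return (findings, bind_dn) for the [ldap] section of a keystone.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("ldap"):
        return ["no [ldap] section found"], None
    ldap = parser["ldap"]
    findings = []
    for flag in WRITE_FLAGS:
        raw = ldap.get(flag)
        if raw is None:
            # Assumption: an unset switch falls back to allowing the write.
            findings.append(f"{flag} is unset (assumed default: True)")
        elif raw.strip().lower() != "false":
            findings.append(f"{flag} = {raw.strip()} permits writes")
    bind_dn = ldap.get("user")
    if bind_dn:
        # Per the answer, the switches alone do not stop user-role-add writes.
        findings.append(f"confirm {bind_dn} has read-only ACLs on the LDAP server")
    else:
        findings.append("no bind DN set (anonymous bind); review anonymous ACLs")
    return findings, bind_dn

if __name__ == "__main__":
    print("\n".join(audit_ldap_section(SAMPLE_CONF)[0]))
```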

2014-07-11 04:58:18 -0500 answered a question Is it possible to use PostgreSQL with Keystone?

Yes, it is possible to use keystone with postgres. You can set up a postgres database for keystone using the following steps.

yum install postgresql
yum install postgresql-server
yum install python-sqlalchemy python-psycopg2

sudo su - postgres

postgres> psql
postgres=# CREATE USER keystone;
postgres=# ALTER USER keystone WITH PASSWORD 'Passw0rd';
postgres=# CREATE DATABASE keystone;
postgres=# GRANT ALL PRIVILEGES ON DATABASE keystone TO keystone;
postgres=# \q
postgres> exit


connection = postgresql://keystone:Passw0rd@

Hope this is useful.

2014-07-11 01:45:02 -0500 commented answer What is the purpose of LDAP groups to Keystone?

We tried a setup with groups; it is working, but nested groups are not working. Does keystone support nested groups?

2014-07-11 01:21:43 -0500 commented answer for what group_tree_dn is used in keystone?

Thanks for the reply. We tried the above setup; basic groups are working now, but nested groups are not working. Does keystone support nested groups?

2014-07-10 12:48:40 -0500 answered a question Keystone / Swift authentication challenges

As Haneef said, it looks like you are missing the mapping between user role and tenant. I am using swift with keystone, and I have the following mapping in keystone:

$ keystone user-role-list --user swift
|   id  |  name | user_id | tenant_id |
| admin | admin |  swift  |    service    |

If it is not there in your setup, you need to add it using the following command:

keystone user-role-add --user=swift --tenant=service --role=admin

Hope this is useful.

2014-07-10 12:39:52 -0500 answered a question Account HEAD failed 503 Internal Server Error

Please try changing the bind_ip from to in the following files and then restart all the swift storage services.

account-server.conf: bind_ip =

container-server.conf: bind_ip =

object-server.conf: bind_ip =

Hope this solves your problem.

2014-07-10 12:26:43 -0500 answered a question Openstack Havana - Ldap / MySQL authentication "You are not authorized for any projects."

First create a user for each service in ldap, like I have created one for swift.

[root@swiftProxyNode ~]# keystone user-list
+------------+------------+---------+-----------------------------------+
|     id     |    name    | enabled |               email               |
+------------+------------+---------+-----------------------------------+
|   swift    |   swift    |         |                                   |

I think you already have the role and tenant created in ldap. Now map the service users (e.g. swift) into a tenant with role "admin" using the user-role-add command, or you can directly add this on the ldap server. You can create a separate tenant named "service" to keep all service users in it. This will help in keeping the configuration simple and clean. If you don't want to create an extra tenant, then you can add these service users into any tenant with role "admin".

keystone user-role-add --user=swift --tenant=service --role=admin

[root@swiftProxyNode ~]# keystone user-role-list --user swift
+-------+-------+---------+-----------+
|  id   | name  | user_id | tenant_id |
+-------+-------+---------+-----------+
| admin | admin |  swift  |  service  |
+-------+-------+---------+-----------+

Now, in the configuration of each service, you need to add the details of the service users, like I added for swift in proxy-server.conf:

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_tenant_name = service
admin_user = swift
admin_password = Password

After restarting the services everything should work fine.

Hope this is useful.