openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15948
Re: keystone initialization problem
OK, SERVICE_TOKEN is the same as --token
You can follow the steps here:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/
Specifically:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
|| *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
|| *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
|| *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
|| *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
*|DEFAULT admin_token $SERVICE_TOKEN|*
and that should be the admin_token value that you have.
If nothing is in the log, it probably means you have not actually hit
the right server.
On 08/17/2012 05:47 PM, Dolph Mathews wrote:
The admin_token value from keystone.conf is not a real token; it
exists as a string in memory and has no context, user or actual roles
associated with it (hence it does not appear in your token table).
As for your actual issue, I don't see anything obviously wrong with
what's below. Is logging enabled & working, otherwise? Have you tried
"verbose = True" and "debug = True"? Have you tried running that
command from the compute node itself, rather than over the internet
IP? What happens when you curl / GET / whatever http://<internet_ip of
the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?
-Dolph
On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <xzhao@xxxxxxx
<mailto:xzhao@xxxxxxx>> wrote:
Hello,
I newly install keystone on the RHEL6 machine, but it is not
working. The following command fails:
$ keystone --token <admin_token string from keystone.conf>
--endpoint http://<internet_ip of the controller node>:35357/v2.0
tenant-create --name openstackDemo --description "Default Tenant"
--enabled true
Unable to communicate with identity service: (403, 'Forbidden').
(HTTP 400)
There is no relevant log in the keystone.log file.
Here is the instruction I follow:
http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html
This is done on the controller node itself. I can telnet to
<internet_ip of the controller node>:35357. I can also
log into mysql DB as keystone user, although there is no
<admin_token> entry in any of the keystone tables.
Any idea what is going wrong here?
Thanks,
Xin
_______________________________________________
Mailing list: https://launchpad.net/~openstack
<https://launchpad.net/%7Eopenstack>
Post to : openstack@xxxxxxxxxxxxxxxxxxx
<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
<https://launchpad.net/%7Eopenstack>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References