openstack team mailing list archive

[Adam Young <ayoung@xxxxxxxxxx>]

OK, SERVICE_TOKEN is the same as --token


You can follow the steps here:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/


Specifically:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
||  *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
||  *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
||  *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
||  *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
  *|DEFAULT admin_token $SERVICE_TOKEN|*



and that should be the admin_token value that you have.

If nothing is in the log, it probably means you have not actually hit 
the right server.



On 08/17/2012 05:47 PM, Dolph Mathews wrote:
> The admin_token value from keystone.conf is not a real token; it 
> exists as a string in memory and has no context, user or actual roles 
> associated with it (hence it does not appear in your token table).
>
> As for your actual issue, I don't see anything obviously wrong with 
> what's below. Is logging enabled & working, otherwise? Have you tried 
> "verbose = True" and "debug = True"? Have you tried running that 
> command from the compute node itself, rather than over the internet 
> IP? What happens when you curl / GET / whatever http://<internet_ip of 
> the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?
>
> -Dolph
>
> On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <xzhao@xxxxxxx 
> <mailto:xzhao@xxxxxxx>> wrote:
>
>     Hello,
>
>     I newly install keystone on the RHEL6 machine, but it is not
>     working. The following command fails:
>
>     $ keystone --token <admin_token string from keystone.conf>
>     --endpoint http://<internet_ip of the controller node>:35357/v2.0
>     tenant-create --name openstackDemo --description "Default Tenant"
>     --enabled true
>
>     Unable to communicate with identity service: (403, 'Forbidden').
>     (HTTP 400)
>
>     There is no relevant log in the keystone.log file.
>
>     Here is the instruction I follow:
>     http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html
>
>     This is done on the controller node itself. I can telnet to
>     <internet_ip of the controller node>:35357. I can also
>     log into mysql DB as keystone user, although there is no
>     <admin_token> entry in any of the keystone tables.
>
>     Any idea what is going wrong here?
>
>     Thanks,
>     Xin
>
>
>     _______________________________________________
>     Mailing list: https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>     <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp