← Back to team overview

openstack team mailing list archive

Re: keystone initialization problem

 

OK, SERVICE_TOKEN is the same as --token


You can follow the steps here:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/


Specifically:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
||  *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
||  *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
||  *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
||  *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
  *|DEFAULT admin_token $SERVICE_TOKEN|*



and that should be the admin_token value that you have.

If nothing is in the log, it probably means you have not actually hit the right server.



On 08/17/2012 05:47 PM, Dolph Mathews wrote:
The admin_token value from keystone.conf is not a real token; it exists as a string in memory and has no context, user or actual roles associated with it (hence it does not appear in your token table).

As for your actual issue, I don't see anything obviously wrong with what's below. Is logging enabled & working, otherwise? Have you tried "verbose = True" and "debug = True"? Have you tried running that command from the compute node itself, rather than over the internet IP? What happens when you curl / GET / whatever http://<internet_ip of the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?

-Dolph

On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao <xzhao@xxxxxxx <mailto:xzhao@xxxxxxx>> wrote:

    Hello,

    I newly install keystone on the RHEL6 machine, but it is not
    working. The following command fails:

    $ keystone --token <admin_token string from keystone.conf>
    --endpoint http://<internet_ip of the controller node>:35357/v2.0
    tenant-create --name openstackDemo --description "Default Tenant"
    --enabled true

    Unable to communicate with identity service: (403, 'Forbidden').
    (HTTP 400)

    There is no relevant log in the keystone.log file.

    Here is the instruction I follow:
    http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html

    This is done on the controller node itself. I can telnet to
    <internet_ip of the controller node>:35357. I can also
    log into mysql DB as keystone user, although there is no
    <admin_token> entry in any of the keystone tables.

    Any idea what is going wrong here?

    Thanks,
    Xin


    _______________________________________________
    Mailing list: https://launchpad.net/~openstack
    <https://launchpad.net/%7Eopenstack>
    Post to     : openstack@xxxxxxxxxxxxxxxxxxx
    <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
    Unsubscribe : https://launchpad.net/~openstack
    <https://launchpad.net/%7Eopenstack>
    More help   : https://help.launchpad.net/ListHelp




_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


Follow ups

References