← Back to team overview

openstack team mailing list archive

Re: keystone help! keystone stop/waiting

 

On Mar 5, 2013, at 12:32 PM, Koert van der Veer <koert@xxxxxxxxxxxx> quoted Mballo Cherif:

>> $ sudo service keystone start
>> keystone start/running, process 15335
>> $ sudo service keystone status
>> keystone stop/waiting
>> 
>> How can I fix this?

I'm having a similar problem with a grizzly front-end that I'm trying to get running.  Turning up the logging detail with debug and verbose in /etc/keystone/keystone.conf, I can see that ssl is turned off but signing is turned on.  Here's slices from /var/log/keystone/keystone.log:

> 2013-03-05 12:20:16    DEBUG [keystone-all] ssl.ca_certs                   = None
> 2013-03-05 12:20:16    DEBUG [keystone-all] ssl.cert_required              = False
> 2013-03-05 12:20:16    DEBUG [keystone-all] ssl.certfile                   = None
> 2013-03-05 12:20:16    DEBUG [keystone-all] ssl.enable                     = False
> 2013-03-05 12:20:16    DEBUG [keystone-all] ssl.keyfile                    = None
> 
> 	[ ... deletia ... ]
> 
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.ca_certs               = /etc/keystone/ssl/certs/ca.pem
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.ca_password            = None
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.certfile               = /etc/keystone/ssl/certs/signing_cert.pem
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.key_size               = 1024
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.keyfile                = /etc/keystone/ssl/private/signing_key.pem
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.token_format           = PKI
> 2013-03-05 12:20:16    DEBUG [keystone-all] signing.valid_days             = 3650


In contrast, here are the corresponding sections from /etc/keystone/keystone.conf:

> [ssl]
> #enable = True
> #certfile = /etc/keystone/ssl/certs/keystone.pem
> #keyfile = /etc/keystone/ssl/private/keystonekey.pem
> #ca_certs = /etc/keystone/ssl/certs/ca.pem
> #cert_required = True
> 
> [signing]
> #token_format = PKI
> #certfile = /etc/keystone/ssl/certs/signing_cert.pem
> #keyfile = /etc/keystone/ssl/private/signing_key.pem
> #ca_certs = /etc/keystone/ssl/certs/ca.pem
> #key_size = 1024
> #valid_days = 3650
> #ca_password = None

So, it looks to me like both ssl and signing are commented out (and turned off) in /etc/keystone/keystone.conf, but the log file is telling me that signing is actually turned on.

I'm sure you can imagine the problems that result from having signing turned on, but no /etc/keystone/ssl directory, much less anything under that hierarchy.

So, have I missed something obvious?  Is there any other debugging info that I can provide that would be useful?

--
Brad Knowles <bknowles@xxxxxxxxxxxxxx>
Senior Consultant



Follow ups

References