
openstack team mailing list archive

Keystone Woes

 

Hi all,

I joined this list just now to solve a particular problem, but once I'm past this I hope to be giving back to the community.

I have spent the past week trying to get Keystone installed and configured properly. I want to show a running OpenStack to my manager for a proof of concept I want to build, so I'm installing everything on a server which has a public IP. I don't have more servers, so I'm attempting to install everything on one machine. (Yes, I have a good firewall in place on which I have yet to open Keystone's ports. But I have the same issue with or without a firewall.)

The server's OS is Ubuntu 12.04. I'm attempting to install the 'grizzly' release. MySQL is there, and I'm using this as a connection string:

    connection = mysql://keystone:openstack@204.187.138.2/keystone

I have my own admin token set. I used the endpoints.sh and keystone_data.sh scripts to set up the database. Yes, I restarted the keystone service. :) I even went through the same process manually to make sure everything was in place. I logged into MySQL and poked around but everything seemed ok.

Using the 'keystone' Python client on the server itself I can successfully execute user-list, endpoint-list, user-get, etc. But when I try to get a token with 'keystone token-get' I get:

    Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example.

My environment contains:

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=<admin_token>
    export OS_AUTH_URL="http://204.187.138.2:5000/v2.0/";
    export OS_SERVICE_ENDPOINT="http://204.187.138.2:35357/v2.0";
    export OS_SERVICE_TOKEN=<admin_token>

When I unset OS_SERVICE_ENDPOINT and OS_SERVICE_TOKEN (because I read somewhere these two are used as a pair) and execute

    keystone --os-username=admin --os-password=<admin_token> --os-auth-url=http://204.187.138.2:5000/v2.0 token-get

I get this in response:

    Unable to communicate with identity service: {"error": {"message": "Invalid user / password", "code": 401, "title": "Not Authorized"}}. (HTTP 401)

I've tried a seemingly infinite combination of usernames, passwords, tenants, etc. and nothing has worked. If someone could point me in the right direction I'd be very grateful. I'll answer any questions needed to get past this point.

Thanks in advance,
Daniel
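
Added example, not part of the original post: a shell lint for the kind of environment shown above. The legacy keystone client has two modes: the OS_SERVICE_TOKEN/OS_SERVICE_ENDPOINT pair (no authentication step, so no service catalog) and OS_USERNAME/OS_PASSWORD against OS_AUTH_URL. The function name, finding labels and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Only the OS_* variable names
# come from the post; function name and finding labels are hypothetical.
keystone_env_lint() {
    out=""; bypass=no; password=no
    # Mode 1: token + endpoint pair. The client skips authentication and talks
    # straight to the admin endpoint, so it never receives a service catalog.
    if [ -n "${OS_SERVICE_TOKEN:-}" ] && [ -n "${OS_SERVICE_ENDPOINT:-}" ]; then
        bypass=yes
    fi
    # Mode 2: username/password sent to OS_AUTH_URL in exchange for a token.
    if [ -n "${OS_USERNAME:-}" ] && [ -n "${OS_PASSWORD:-}" ] && [ -n "${OS_AUTH_URL:-}" ]; then
        password=yes
    fi
    if [ "$bypass" = yes ] && [ "$password" = yes ]; then
        out="$out MIXED_MODES"
    fi
    if [ "$bypass" = no ] && [ "$password" = no ]; then
        out="$out NO_COMPLETE_MODE"
    fi
    # The admin token (keystone.conf) and a user's password are separate secrets.
    if [ -n "${OS_PASSWORD:-}" ] && [ "${OS_PASSWORD:-}" = "${OS_SERVICE_TOKEN:-}" ]; then
        out="$out PASSWORD_EQUALS_SERVICE_TOKEN"
    fi
    # An http:// URL carries the password or token over the network in cleartext.
    for url in "${OS_AUTH_URL:-}" "${OS_SERVICE_ENDPOINT:-}"; do
        case "$url" in
            http://*) out="$out CLEARTEXT_HTTP"; break ;;
        esac
    done
    echo "${out:-OK}" | sed 's/^ //'
}

# Constructed sample values, shaped like the environment in the post
# (192.0.2.10 is a documentation address, example-secret is a placeholder).
(
    OS_USERNAME=admin OS_PASSWORD=example-secret
    OS_AUTH_URL=http://192.0.2.10:5000/v2.0/
    OS_SERVICE_ENDPOINT=http://192.0.2.10:35357/v2.0
    OS_SERVICE_TOKEN=example-secret
    keystone_env_lint   # MIXED_MODES PASSWORD_EQUALS_SERVICE_TOKEN CLEARTEXT_HTTP
)
```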
