← Back to team overview

openstack team mailing list archive

Re: Keystone Woes

 

It looks like you're doing everything correctly, except OS_PASSWORD is
*NOT* the same thing as the static admin_token in keystone.conf.

Passwords are user-specific attributes created using the --pass argument on
user-create for example. You may have set it to be the same as
keystone.conf's admin_token, but I necessarily wouldn't recommend that. If
you don't know what your password was, you probably need to delete your
admin user and recreate it with a known password, and then grant it your
admin role again.


-Dolph


On Sat, Apr 13, 2013 at 12:13 PM, Daniel Ellison <daniel@xxxxxxxxxx> wrote:

> Hi all,
>
> I joined this list just now to solve a particular problem, but once I'm
> past this I hope to be giving back to the community.
>
> I have spent the past week trying to get Keystone installed and configured
> properly. I want to show a running OpenStack to my manager for a proof of
> concept I want to build, so I'm installing everything on a server which has
> a public IP. I don't have more servers, so I'm attempting to install
> everything on one machine. (Yes, I have a good firewall in place on which I
> have yet to open Keystone's ports. But I have the same issue with or
> without a firewall.)
>
> The server's OS is Ubuntu 12.04. I'm attempting to install the 'grizzly'
> release. MySQL is there, and I'm using this as a connection string:
>
>     connection = mysql://keystone:openstack@204.187.138.2/keystone
>
> I have my own admin token set. I used the endpoints.sh and
> keystone_data.sh scripts to set up the database. Yes, I restarted the
> keystone service. :) I even went through the same process manually to make
> sure everything was in place. I logged into MySQL and poked around but
> everything seemed ok.
>
> Using the 'keystone' Python client on the server itself I can successfully
> execute user-list, endpoint-list, user-get, etc. But when I try to get a
> token with 'keystone token-get' I get:
>
>     Configuration error: Client configured to run without a service
> catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of
> --os-endpoint or OS_SERVICE_ENDPOINT, for example.
>
> My environment contains:
>
>     export OS_TENANT_NAME=admin
>     export OS_USERNAME=admin
>     export OS_PASSWORD=<admin_token>
>     export OS_AUTH_URL="http://204.187.138.2:5000/v2.0/";
>     export OS_SERVICE_ENDPOINT="http://204.187.138.2:35357/v2.0";
>     export OS_SERVICE_TOKEN=<admin_token>
>
> When I unset OS_SERVICE_ENDPOINT and OS_SERVICE_TOKEN (because I read
> somewhere these two are used as a pair) and execute
>
>     keystone --os-username=admin --os-password=<admin_token> --os-auth-url=
> http://204.187.138.2:5000/v2.0 token-get
>
> I get this in response:
>
>     Unable to communicate with identity service: {"error": {"message":
> "Invalid user / password", "code": 401, "title": "Not Authorized"}}. (HTTP
> 401)
>
> I've tried a seemingly infinite combination of usernames, passwords,
> tenants, etc. and nothing has worked. If someone could point me in the
> right direction I'd be very grateful. I'll answer any questions needed to
> get past this point.
>
> Thanks in advance,
> Daniel
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

References