yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #03084
[Bug 1053437] Re: Keystone unable to communicate with identity service
** Changed in: keystone
Status: Incomplete => Invalid
** Converted to question:
https://answers.launchpad.net/keystone/+question/230192
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1053437
Title:
Keystone unable to communicate with identity service
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
I have been following the tutorials at
https://access.redhat.com/knowledge/docs/en-
US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html
and http://fedoraproject.org/wiki/Getting_started_with_OpenStack_EPEL,
on CentOS 6.3.
When it comes time to retrieve or add data to keystone (e.g. $>
keystone user-list or $> keystone user-create --name admin --pass
secret), I recieve the following error: "Unable to communicate with
identity service: (403, 'Forbidden'). (HTTP 400)".
Any help resolving this would be much appreciated.
Here is what my keystone.conf file looks like:
[DEFAULT]
#bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
admin_token = 10b341ef09b5f13befe8
compute_port = 8774
verbose = True
debug = True
#log_config = ./etc/logging.conf.sample
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False
log_file = /var/log/keystone/keystone.log
# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0
[sql]
connection = mysql://keystone:keystone@localhost/keystone
idle_timeout = 200
[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com
[identity]
driver = keystone.identity.backends.sql.Identity
[catalog]
driver = keystone.catalog.backends.sql.Catalog
template_file = /etc/keystone/default_catalog.templates
[token]
driver = keystone.token.backends.sql.Token
# Amount of time a token should remain valid (in seconds)
expiration = 86400
[policy]
driver = keystone.policy.backends.rules.Policy
[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = xml_body public_version_service
[pipeline:admin_version_api]
pipeline = xml_body admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1053437/+subscriptions
