← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #11133

[Bug 1288506] [NEW] issue when I using PKI for token format

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi,

I'm working under CentOS 6.4 + Havana, my keystone version is:
          openstack-keystone.noarch                         2013.2.2-1.el6  @openstack-havana

When I run command "keystone user-list", I get error:
         Authorization Failed: Unable to sign token. (HTTP 500)

I can get error information in both "keystone-startup.log" and
"keystone.log":

2014-03-06 09:31:29.999 18693 ERROR keystone.common.cms [-] Signing error: Unable to load certificate - ensure you've configured PKI with 'keystone-manage pki_setup'
2014-03-06 09:31:29.999 18693 ERROR keystone.token.providers.pki [-] Unable to sign token
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki Traceback (most recent call last):
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/token/providers/pki.py", line 39, in _get_token_id
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     CONF.signing.keyfile)
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 144, in cms_sign_token
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     output = cms_sign_text(text, signing_cert_file_name, signing_key_file_name)
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 139, in cms_sign_text
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     raise environment.subprocess.CalledProcessError(retcode, "openssl")
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki CalledProcessError: Command 'openssl' returned non-zero exit status 3
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
2014-03-06 09:31:30.000 18693 WARNING keystone.common.wsgi [-] Unable to sign token.
~


Anyone know why this happened ???


Thanks.
-chen

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1288506

Title:
  issue when I using PKI for token format

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Hi,

  I'm working under CentOS 6.4 + Havana, my keystone version is:
            openstack-keystone.noarch                         2013.2.2-1.el6  @openstack-havana

  When I run command "keystone user-list", I get error:
           Authorization Failed: Unable to sign token. (HTTP 500)

  I can get error information in both "keystone-startup.log" and
  "keystone.log":

  2014-03-06 09:31:29.999 18693 ERROR keystone.common.cms [-] Signing error: Unable to load certificate - ensure you've configured PKI with 'keystone-manage pki_setup'
  2014-03-06 09:31:29.999 18693 ERROR keystone.token.providers.pki [-] Unable to sign token
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki Traceback (most recent call last):
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/token/providers/pki.py", line 39, in _get_token_id
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     CONF.signing.keyfile)
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 144, in cms_sign_token
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     output = cms_sign_text(text, signing_cert_file_name, signing_key_file_name)
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File "/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 139, in cms_sign_text
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     raise environment.subprocess.CalledProcessError(retcode, "openssl")
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki CalledProcessError: Command 'openssl' returned non-zero exit status 3
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
  2014-03-06 09:31:30.000 18693 WARNING keystone.common.wsgi [-] Unable to sign token.
  ~


  Anyone know why this happened ???

  
  Thanks.
  -chen

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1288506/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next