yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #13906
[Bug 1312858] [NEW] Keystone + Devstack fail when KEYSTONE_TOKEN_FORMAT=UUID
Public bug reported:
Running devstack in fresh Ubuntu 12.04 virtual machine with:
$ cat local_rc
KEYSTONE_TOKEN_FORMAT=UUID
...fails to start Keystone. Despite being configured for the UUID
provider, keystone attempts to read
`/etc/keystone/ssl/certs/signing_cert.pem` and fails (because it doesn't
exist):
2014-04-25 10:36:25.289 INFO eventlet.wsgi.server [-] 192.168.121.46 - - [25/Apr/2014 10:36:25] "GET /v2.0/tokens/69da781ae31c405e9aaa7adbf8f6f806 HTTP/1.1" 200 3988 0.009096
2014-04-25 10:36:25.294 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'_member_', u'service
']} from (pid=13334) process_request /opt/stack/keystone/keystone/middleware/core.py:281
2014-04-25 10:36:25.296 DEBUG keystone.common.wsgi [-] arg_dict: {} from (pid=13334) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
2014-04-25 10:36:25.296 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:revocation_list() from (pid=13334) _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:54
2014-04-25 10:36:25.297 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment from (pid=13334) _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.
py:59
2014-04-25 10:36:25.297 DEBUG keystone.policy.backends.rules [-] enforce identity:revocation_list: {'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'
_member_', u'service']} from (pid=13334) enforce /opt/stack/keystone/keystone/policy/backends/rules.py:101
2014-04-25 10:36:25.297 DEBUG keystone.openstack.common.policy [-] Rule identity:revocation_list will be now enforced from (pid=13334) enforce /opt/stack/keystone/keystone/openstack/common/policy.py:287
2014-04-25 10:36:25.298 DEBUG keystone.common.controller [-] RBAC: Authorization granted from (pid=13334) inner /opt/stack/keystone/keystone/common/controller.py:151
2014-04-25 10:36:25.309 ERROR keystoneclient.common.cms [-] Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140424564475552:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
140424564475552:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
2014-04-25 10:36:25.310 ERROR keystone.common.wsgi [-] Command 'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 207, in __call__
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi result = method(context, **params)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/controller.py", line 152, in inner
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi return f(self, context, *args, **kwargs)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/token/controllers.py", line 436, in revocation_list
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CONF.signing.keyfile)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/python-keystoneclient/keystoneclient/common/cms.py", line 251, in cms_sign_text
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi raise subprocess.CalledProcessError(retcode, 'openssl')
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CalledProcessError: Command 'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi
2014-04-25 10:36:25.316 INFO eventlet.wsgi.server [-] 192.168.121.46 - - [25/Apr/2014 10:36:25] "GET /v2.0/tokens/revoked HTTP/1.1" 500 341 0.024887
https://asciinema.org/a/9116
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1312858
Title:
Keystone + Devstack fail when KEYSTONE_TOKEN_FORMAT=UUID
Status in OpenStack Identity (Keystone):
New
Bug description:
Running devstack in fresh Ubuntu 12.04 virtual machine with:
$ cat local_rc
KEYSTONE_TOKEN_FORMAT=UUID
...fails to start Keystone. Despite being configured for the UUID
provider, keystone attempts to read
`/etc/keystone/ssl/certs/signing_cert.pem` and fails (because it
doesn't exist):
2014-04-25 10:36:25.289 INFO eventlet.wsgi.server [-] 192.168.121.46 - - [25/Apr/2014 10:36:25] "GET /v2.0/tokens/69da781ae31c405e9aaa7adbf8f6f806 HTTP/1.1" 200 3988 0.009096
2014-04-25 10:36:25.294 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'_member_', u'service
']} from (pid=13334) process_request /opt/stack/keystone/keystone/middleware/core.py:281
2014-04-25 10:36:25.296 DEBUG keystone.common.wsgi [-] arg_dict: {} from (pid=13334) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
2014-04-25 10:36:25.296 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:revocation_list() from (pid=13334) _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:54
2014-04-25 10:36:25.297 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment from (pid=13334) _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.
py:59
2014-04-25 10:36:25.297 DEBUG keystone.policy.backends.rules [-] enforce identity:revocation_list: {'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'
_member_', u'service']} from (pid=13334) enforce /opt/stack/keystone/keystone/policy/backends/rules.py:101
2014-04-25 10:36:25.297 DEBUG keystone.openstack.common.policy [-] Rule identity:revocation_list will be now enforced from (pid=13334) enforce /opt/stack/keystone/keystone/openstack/common/policy.py:287
2014-04-25 10:36:25.298 DEBUG keystone.common.controller [-] RBAC: Authorization granted from (pid=13334) inner /opt/stack/keystone/keystone/common/controller.py:151
2014-04-25 10:36:25.309 ERROR keystoneclient.common.cms [-] Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140424564475552:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
140424564475552:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
2014-04-25 10:36:25.310 ERROR keystone.common.wsgi [-] Command 'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/wsgi.py", line 207, in __call__
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi result = method(context, **params)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/common/controller.py", line 152, in inner
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi return f(self, context, *args, **kwargs)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/keystone/keystone/token/controllers.py", line 436, in revocation_list
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CONF.signing.keyfile)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File "/opt/stack/python-keystoneclient/keystoneclient/common/cms.py", line 251, in cms_sign_text
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi raise subprocess.CalledProcessError(retcode, 'openssl')
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CalledProcessError: Command 'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi
2014-04-25 10:36:25.316 INFO eventlet.wsgi.server [-] 192.168.121.46 - - [25/Apr/2014 10:36:25] "GET /v2.0/tokens/revoked HTTP/1.1" 500 341 0.024887
https://asciinema.org/a/9116
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1312858/+subscriptions
Follow ups
References
