yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1456441] Re: keystone wsgi does not read files in /etc/keystone/*

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Andrea <andreagardiman@xxxxxxxxx>
Date: Wed, 20 May 2015 16:47:52 -0000
Reply-to: Bug 1456441 <1456441@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The same issue affects the installation of glance. 
 
In my case it had been necessary to copy the contents of the files 
/etc/keystone/keystone.conf
/etc/glance/glance-api.conf
/etc/glance/glance-registry.conf

into, respectively, the files:
/usr/share/keystone/keystone-dist.conf
/usr/share/glance/glance-api-dist.conf
/usr/share/glance/glance-registry-dist.conf

adding, respectively, also the lines in section [paste_deploy]:
config_file = /usr/share/keystone/keystone-dist-paste.ini
config_file = /usr/share/glance/glance-api-dist-paste.ini
config_file = /usr/share/glance/glance-registry-dist-paste.ini

Moreover, it had been necessary copying the contents of the other files
in folders /etc/keystone, /etc/glance into the folders
/usr/share/keystone, /usr/share/glance. I'm not sure if it is necessary
to copy all the file inside them. I'm only sure about the files with
name "policy.json".

After moving/copying files, remember to give the right permissions to keystone and glance:
 chown -R keystone:keystone /usr/share/keystone/
 chown -R glance:glance /usr/share/glance/


** Changed in: glance
       Status: New => Invalid

** Changed in: glance
       Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1456441

Title:
  keystone wsgi does not read files in /etc/keystone/*

Status in OpenStack Image Registry and Delivery Service (Glance):
  Confirmed
Status in OpenStack Identity (Keystone):
  Confirmed

Bug description:
  Keystone launched through wsgi was not picking up the connection
  string in /etc/keystone/keystone.conf.  Manual run of keystone-all
  identified that there was a collision with /usr/share/keystone
  /keystone-dist.conf which contains an entry for connection in
  [database].

  Commented out the line in keystone-dist.conf and restarted apache.
  Correct connection string was then picked up from
  /etc/keystone/keystone.conf.

  CentOS 7 minimal install
  Followed install guide for Kilo.
  Encountered error Access denied keystone@localhost at step of creating openstack service identity because the wrong credentials from the .conf conflict were being passed to mariadb.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1456441/+subscriptions

References

[Bug 1456441] [NEW] keystone.conf collision for database connection string
From: todd magda, 2015-05-19