Hello,
Ok, answers inline...
On 2/14/2014 4:28 PM, Staicu Gabriel wrote:
Hi,
Can you give more information?
- is mysql running?
- can you connect to mysql from db host and from controller node?
- who and what access rights are on keystone db?
From the controller host (10.255.2.134), from command line, I can
access the standalone DB host(10.255.2.47), using mysql keystone user
and passwd, and see the DB contents, such as the "user" table data.
- is keystone service running?
keystone service is running on the controller node.
- content of the /var/log/keystone?
Please see attachment.
- output of the "keystone --debug user-list"?
$ keystone --debug user-list
REQ: curl -i http://10.255.2.134:35357/v2.0/tokens -X POST -H
"Content-Type: application/json" -H "User-Agent: python-keystoneclient"
REQ BODY: {"auth": {"tenantName": "bnlcloud", "passwordCredentials":
{"username": "xzhao", "password": "passwd"}}}
Authorization Failed: HTTPConnectionPool(host='10.255.2.134',
port=35357): Request timed out. (timeout=600.0)
Thanks,
Xin
Regards,
Gabriel
On Friday, February 14, 2014 10:15 PM, Xin Zhao <[email protected]> wrote:
Hello,
I would like to use a mysql DB, from its own host, and have all
openstack daemons talk to it. So I set up one mysql DB, dump and reload
the current running DB to it, changed the sql "connection" setting in
the keystone config file to point to the new ip, restart keystone
service, but it doesn't seem to work. The commands like "keystone
user-list" hang and eventually times out.
Do I miss something here?
Thanks,
Xin
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
<mailto:[email protected]>
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
<< note : keystone restarted .... >>
2014-02-14 16:57:51 DEBUG [keystone-all]
********************************************************************************
2014-02-14 16:57:51 DEBUG [keystone-all] Configuration options gathered from:
2014-02-14 16:57:51 DEBUG [keystone-all] command line args:
['--config-file', '/etc/keystone/keystone.conf']
2014-02-14 16:57:51 DEBUG [keystone-all] config files:
['/etc/keystone/keystone.conf']
2014-02-14 16:57:51 DEBUG [keystone-all]
================================================================================
2014-02-14 16:57:51 DEBUG [keystone-all] admin_endpoint =
http://localhost:%(admin_port)d/
2014-02-14 16:57:51 DEBUG [keystone-all] admin_port =
35357
2014-02-14 16:57:51 DEBUG [keystone-all] admin_token =
********************
2014-02-14 16:57:51 DEBUG [keystone-all] auth_admin_prefix =
2014-02-14 16:57:51 DEBUG [keystone-all] bind_host =
0.0.0.0
2014-02-14 16:57:51 DEBUG [keystone-all] compute_port =
8774
2014-02-14 16:57:51 DEBUG [keystone-all] config_dir =
None
2014-02-14 16:57:51 DEBUG [keystone-all] config_file =
['/etc/keystone/keystone.conf']
2014-02-14 16:57:51 DEBUG [keystone-all] crypt_strength =
40000
2014-02-14 16:57:51 DEBUG [keystone-all] debug =
True
2014-02-14 16:57:51 DEBUG [keystone-all] log_config =
None
2014-02-14 16:57:51 DEBUG [keystone-all] log_date_format =
%Y-%m-%d %H:%M:%S
2014-02-14 16:57:51 DEBUG [keystone-all] log_dir =
None
2014-02-14 16:57:51 DEBUG [keystone-all] log_file =
/var/log/keystone/keystone.log
2014-02-14 16:57:51 DEBUG [keystone-all] log_format =
%(asctime)s %(levelname)8s [%(name)s] %(message)s
2014-02-14 16:57:51 DEBUG [keystone-all] max_param_size = 64
2014-02-14 16:57:51 DEBUG [keystone-all] max_request_body_size =
114688
2014-02-14 16:57:51 DEBUG [keystone-all] max_token_size =
8192
2014-02-14 16:57:51 DEBUG [keystone-all] member_role_id =
9fe2ff9ee4384b1894a90878d3e92bab
2014-02-14 16:57:51 DEBUG [keystone-all] member_role_name =
_member_
2014-02-14 16:57:51 DEBUG [keystone-all] onready =
None
2014-02-14 16:57:51 DEBUG [keystone-all] policy_default_rule =
None
2014-02-14 16:57:51 DEBUG [keystone-all] policy_file =
policy.json
2014-02-14 16:57:51 DEBUG [keystone-all] public_endpoint =
http://localhost:%(public_port)d/
2014-02-14 16:57:51 DEBUG [keystone-all] public_port =
5000
2014-02-14 16:57:51 DEBUG [keystone-all] pydev_debug_host =
None
2014-02-14 16:57:51 DEBUG [keystone-all] pydev_debug_port =
None
2014-02-14 16:57:51 DEBUG [keystone-all] standard_threads =
False
2014-02-14 16:57:51 DEBUG [keystone-all] syslog_log_facility =
LOG_USER
2014-02-14 16:57:51 DEBUG [keystone-all] use_syslog =
False
2014-02-14 16:57:51 DEBUG [keystone-all] verbose =
False
2014-02-14 16:57:51 DEBUG [keystone-all] signing.ca_certs =
/etc/keystone/ssl/certs/ca.pem
2014-02-14 16:57:51 DEBUG [keystone-all] signing.ca_password =
None
2014-02-14 16:57:51 DEBUG [keystone-all] signing.certfile =
/etc/keystone/ssl/certs/signing_cert.pem
2014-02-14 16:57:51 DEBUG [keystone-all] signing.key_size =
1024
2014-02-14 16:57:51 DEBUG [keystone-all] signing.keyfile =
/etc/keystone/ssl/private/signing_key.pem
2014-02-14 16:57:51 DEBUG [keystone-all] signing.token_format = PKI
2014-02-14 16:57:51 DEBUG [keystone-all] signing.valid_days =
3650
2014-02-14 16:57:51 DEBUG [keystone-all] stats.driver =
keystone.contrib.stats.backends.kvs.Stats
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.alias_dereferencing =
default
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.allow_subtree_delete =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_allow_create =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_allow_delete =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_allow_update =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_attribute_ignore =
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_desc_attribute =
description
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_enabled_attribute =
enabled
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_enabled_emulation =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_enabled_emulation_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_filter =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_id_attribute = cn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_member_attribute =
member
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_name_attribute = ou
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_objectclass =
groupOfNames
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.domain_tree_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.dumb_member =
cn=dumb,dc=nonexistent
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_allow_create =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_allow_delete =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_allow_update =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_attribute_ignore =
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_desc_attribute =
description
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_domain_id_attribute =
businessCategory
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_filter =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_id_attribute = cn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_member_attribute =
member
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_name_attribute = ou
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_objectclass =
groupOfNames
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.group_tree_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.page_size = 0
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.password =
****
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.query_scope = one
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_allow_create =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_allow_delete =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_allow_update =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_attribute_ignore =
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_filter =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_id_attribute = cn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_member_attribute =
roleOccupant
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_name_attribute = ou
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_objectclass =
organizationalRole
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.role_tree_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.suffix =
cn=example,cn=com
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_allow_create =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_allow_delete =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_allow_update =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_attribute_ignore =
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_desc_attribute =
description
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_domain_id_attribute =
businessCategory
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_enabled_attribute =
enabled
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_enabled_emulation =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_enabled_emulation_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_filter =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_id_attribute = cn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_member_attribute =
member
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_name_attribute = ou
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_objectclass =
groupOfNames
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.tenant_tree_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.url =
ldap://localhost
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.use_dumb_member =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_allow_create =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_allow_delete =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_allow_update =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_attribute_ignore =
tenant_id,tenants
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_domain_id_attribute =
businessCategory
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_enabled_attribute =
enabled
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_enabled_default =
True
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_enabled_emulation =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_enabled_emulation_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_enabled_mask = 0
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_filter =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_id_attribute = cn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_mail_attribute =
email
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_name_attribute = sn
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_objectclass =
inetOrgPerson
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_pass_attribute =
userPassword
2014-02-14 16:57:51 DEBUG [keystone-all] ldap.user_tree_dn =
None
2014-02-14 16:57:51 DEBUG [keystone-all] token.driver =
keystone.token.backends.sql.Token
2014-02-14 16:57:51 DEBUG [keystone-all] auth.methods =
['password', 'token']
2014-02-14 16:57:51 DEBUG [keystone-all] auth.password =
keystone.auth.plugins.password.Password
2014-02-14 16:57:51 DEBUG [keystone-all] auth.token =
keystone.auth.plugins.token.Token
2014-02-14 16:57:51 DEBUG [keystone-all] ssl.ca_certs =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ssl.cert_required =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ssl.certfile =
None
2014-02-14 16:57:51 DEBUG [keystone-all] ssl.enable =
False
2014-02-14 16:57:51 DEBUG [keystone-all] ssl.keyfile =
None
2014-02-14 16:57:51 DEBUG [keystone-all] catalog.driver =
keystone.catalog.backends.sql.Catalog
2014-02-14 16:57:51 DEBUG [keystone-all] ec2.driver =
keystone.contrib.ec2.backends.sql.Ec2
2014-02-14 16:57:51 DEBUG [keystone-all] sql.connection =
mysql://keystone:[email protected]/keystone
2014-02-14 16:57:51 DEBUG [keystone-all] sql.idle_timeout = 200
2014-02-14 16:57:51 DEBUG [keystone-all] policy.driver =
keystone.policy.backends.sql.Policy
2014-02-14 16:57:51 DEBUG [keystone-all] trust.driver =
keystone.trust.backends.sql.Trust
2014-02-14 16:57:51 DEBUG [keystone-all] trust.enabled =
True
2014-02-14 16:57:51 DEBUG [keystone-all] pam.password =
None
2014-02-14 16:57:51 DEBUG [keystone-all] pam.url =
None
2014-02-14 16:57:51 DEBUG [keystone-all] pam.userid =
None
2014-02-14 16:57:51 DEBUG [keystone-all] identity.default_domain_id =
default
2014-02-14 16:57:51 DEBUG [keystone-all] identity.driver =
keystone.identity.backends.sql.Identity
2014-02-14 16:57:51 DEBUG [keystone-all]
********************************************************************************
2014-02-14 16:57:51 DEBUG [keystone.common.wsgi] Starting
/usr/bin/keystone-all on 0.0.0.0:35357
2014-02-14 16:57:51 DEBUG [keystone.common.wsgi] Starting
/usr/bin/keystone-all on 0.0.0.0:5000
2014-02-14 16:57:51 DEBUG [eventlet.wsgi.server] (5682) wsgi starting up on
http://0.0.0.0:35357/
2014-02-14 16:57:51 DEBUG [eventlet.wsgi.server] (5682) wsgi starting up on
http://0.0.0.0:5000/
<< note : below is the log since client runs "keystone user-list" command >>
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] ********************
REQUEST ENVIRON ********************
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] webob.adhoc_attrs =
{'response': <Response at 0x3394090 200 OK>}
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 105
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] HTTP_USER_AGENT =
python-keystoneclient
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 10.255.2.134
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] eventlet.input =
<eventlet.wsgi.Input object at 0x338a590>
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] webob._body_file =
(<io.BufferedReader object at 0x338af10>, <eventlet.wsgi.Input object at
0x338a590>)
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] SERVER_PORT = 35357
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.input = <io.BytesIO
object at 0x3383fb0>
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] openstack.context =
{'token_id': None, 'is_admin': False}
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] HTTP_HOST =
10.255.2.134:35357
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] openstack.params =
{u'auth': {u'tenantName': u'bnlcloud', u'passwordCredentials': {u'username':
u'xzhao', u'password': u'***'}}}
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = */*
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] SERVER_NAME = 10.255.2.134
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.errors = <open file
'<stderr>', mode 'w' at 0x7ff453c371e0>
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] webob.is_body_seekable =
True
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] CONTENT_TYPE =
application/json
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING =
gzip, deflate, compress
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi]
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] ********************
REQUEST BODY ********************
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] {"auth": {"tenantName":
"bnlcloud", "passwordCredentials": {"username": "xzhao", "password": "***"}}}
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi]
2014-02-14 16:58:12 DEBUG [keystone.common.wsgi] arg_dict: {}
2014-02-14 16:58:12 INFO [passlib.registry] registered crypt handler
'sha512_crypt': <class 'passlib.handlers.sha2_crypt.sha512_crypt'>
^C
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
