On 03/05/2014 08:59 PM, Li, Chen wrote:
Hi,
I'm working under CentOS 6.4 + Havana, my keystone version is:
openstack-keystone.noarch 2013.2.2-1.el6 @openstack-havana
When I run command "keystone user-list", I get error:
Authorization Failed: Unable to sign token. (HTTP 500)
I can get error information in both "keystone-startup.log" and
"keystone.log":
Did you run keystone-manage pki_setup? Problem is something with your
certificates.
2014-03-06 09:31:29.999 18693 ERROR keystone.common.cms [-] Signing
error: Unable to load certificate - ensure you've configured PKI with
'keystone-manage pki_setup'
2014-03-06 09:31:29.999 18693 ERROR keystone.token.providers.pki [-]
Unable to sign token
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
Traceback (most recent call last):
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki File
"/usr/lib/python2.6/site-packages/keystone/token/providers/pki.py",
line 39, in _get_token_id
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
CONF.signing.keyfile)
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki File
"/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 144,
in cms_sign_token
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
output = cms_sign_text(text, signing_cert_file_name,
signing_key_file_name)
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki File
"/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 139,
in cms_sign_text
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki raise
environment.subprocess.CalledProcessError(retcode, "openssl")
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
CalledProcessError: Command 'openssl' returned non-zero exit status 3
2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
2014-03-06 09:31:30.000 18693 WARNING keystone.common.wsgi [-] Unable
to sign token.
~
Anyone know why this happened ???
Thanks.
-chen
My /etc/keystone/keystone.conf :
[DEFAULT]
[sql]
connection = mysql://keystone:keystone@host-db/keystone
[identity]
[credential]
[trust]
[os_inherit]
[catalog]
driver = keystone.catalog.backends.sql.Catalog
[endpoint_filter]
[token]
driver = keystone.token.backends.memcache.Token
[cache]
[policy]
[ec2]
[assignment]
[oauth1]
[ssl]
[signing]
[ldap]
[auth]
methods = external,password,token,oauth1
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
oauth1 = keystone.auth.plugins.oauth1.OAuth
[paste_deploy]
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
