Hi Eugen, Ignore the different IPs. I had tried keystone install on two different systems. The old admin-rc script was from the other node.
As per the port numbers, I followed what was in the documentation: Bootstrap the Identity service: # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne Regards, Shyam On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <ebl...@nde.ag> wrote: > Hi, > > I found some differences between your bootstrap command and your admin-rc > credentials: > > export OS_AUTH_URL=http://20.20.20.7:35357/v3 >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >> > > You use two different IPs for your controller node, this can't work. > Another thing is, you usually have to create one admin endpoint (port > 35357) and a public endpoint (port 5000), you use the public port for both > endpoints. This could work, of course, although not recommended. But then > you have to change your admin-rc credentials respectively. They should > reflect the configuration you bootstrapped with keystone-manage. > > Change your admin-rc to point to the correct IP and the correct port, then > retry the domain list command after sourcing the credentials. > > > > Zitat von Shyam Prasad N <nspmangal...@gmail.com>: > > Hi, >> >> Sorry for the late reply. Was out for a while. >> >> # openstack domain list >> The request you have made requires authentication. (HTTP 401) (Request-ID: >> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >> >> # tail /var/log/keystone/keystone-manage.log >> # >> >> # keystone-manage bootstrap --bootstrap-password PASSWORD >> --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url >> http://20.20.20.8:5000/v3/ --bootstrap-public-url >> http://20.20.20.8:5000/v3/ >> --bootstrap-region-id RegionOne >> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >> Deprecated: Use of the identity driver config to automatically configure >> the same assignment driver has been deprecated, in the "O" release, the >> assignment driver will need to be expicitly configured if different than >> the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >> already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518 >> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >> driver >> config to automatically configure the same assignment driver has been >> deprecated, in the "O" release, the assignment driver will need to be >> expicitly configured if different than the default (SQL). >> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >> already exists, skipping creation. >> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >> already >> exists, skipping creation. >> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> exists, skipping creation. >> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >> skipping creation. >> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >> has >> admin on admin. >> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >> exists, skipping creation. >> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >> endpoint as already created >> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >> endpoint as already created >> # >> >> >> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <ebl...@nde.ag> wrote: >> >> Hi, >>> >>> the bug I reported is invalid because the keystone-bootstrap command is >>> supposed to create the default domain. Since we created our cloud in >>> Liberty release the default domain already existed in our environment. >>> Well, I guess we're back to square one. ;-) >>> >>> Can you paste the output of >>> >>> control:~ # openstack domain list >>> >>> If the keystone bootstrap command worked, it should at least show the >>> default domain. If it doesn't take a look into >>> /var/log/keystone/keystone-manage.log and check for errors. If this >>> doesn't reveal anything try running it again and check the logs again. >>> >>> >>> Zitat von Eugen Block <ebl...@nde.ag>: >>> >>> >>> The missing command has been in Newton, Ocata and Pike release. They >>> fixed >>> >>>> it in Queens again. >>>> >>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>> >>>> Regards >>>> >>>> >>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>> >>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>> through >>>> >>>>> the bug reporting documentation) >>>>> Please add me to the bug's CC list. That way if some info is needed >>>>> from >>>>> me, I can provide it. >>>>> >>>>> Regards, >>>>> Shyam >>>>> >>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <ebl...@nde.ag> wrote: >>>>> >>>>> I believe there's something missing in Ocata and Pike docs. If you read >>>>> >>>>>> Mitaka install guide [1] you'll find the first step to be creating the >>>>>> default domain before all other steps regarding projects and users. >>>>>> >>>>>> You should run >>>>>> >>>>>> openstack domain create --description "Default Domain" default >>>>>> >>>>>> and then the next steps should work, at least I hope so. >>>>>> >>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>> already >>>>>> filed several reports. >>>>>> >>>>>> Regards >>>>>> >>>>>> >>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>> -users.html >>>>>> >>>>>> >>>>>> >>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>>> Please read my replies inline below... >>>>>>> >>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <ebl...@nde.ag> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> can you paste the credentials you're using? >>>>>>>> >>>>>>>> # cat admin-rc >>>>>>>> >>>>>>>> export OS_USERNAME=admin >>>>>>> export OS_PASSWORD=abcdef >>>>>>> export OS_PROJECT_NAME=admin >>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>> >>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>> default >>>>>>> >>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>> >>>>>>>> sourcing >>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>> not >>>>>>>> sure if this would be the expected error message. >>>>>>>> >>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org >>>>>>>> who >>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>> >>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>> >>>>>>>> Yes. It did not throw any errors. >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>> I followed this document for install and configuration: >>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>> >>>>>>>>> However, I'm getting this error for a command: >>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>> (Request-ID: >>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>> >>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - >>>>>>>>> - >>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>> find >>>>>>>>> domain: >>>>>>>>> Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> Traceback >>>>>>>>> (most recent call last): >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>> line >>>>>>>>> 185, >>>>>>>>> in _lookup_domain >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>> line >>>>>>>>> 124, >>>>>>>>> in >>>>>>>>> wrapped >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> __ret_val >>>>>>>>> = __f(*args, **kwargs) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1053, >>>>>>>>> in >>>>>>>>> decorate >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> should_cache_fn) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 657, >>>>>>>>> in >>>>>>>>> get_or_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> async_creator) as value: >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 158, >>>>>>>>> in >>>>>>>>> __enter__ >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> self._enter() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 98, in >>>>>>>>> _enter >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> generated >>>>>>>>> = self._enter_create(createdtime) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>> 149, >>>>>>>>> in >>>>>>>>> _enter_create >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created >>>>>>>>> = >>>>>>>>> self.creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 625, >>>>>>>>> in >>>>>>>>> gen_value >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> created_value = creator() >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>> 1049, >>>>>>>>> in >>>>>>>>> creator >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> return >>>>>>>>> fn(*arg, **kw) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> File >>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line >>>>>>>>> 720, >>>>>>>>> in >>>>>>>>> get_domain_by_name >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> raise >>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization >>>>>>>>> failed. >>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - >>>>>>>>> - >>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>> 0.113822 >>>>>>>>> >>>>>>>>> Can someone please tell me what's going on? >>>>>>>>> Thanks in advance for your replies. >>>>>>>>> >>>>>>>>> > > -- -Shyam
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
