subject:"\[Openstack\] keystone initialization problem"

Re: [Openstack] keystone initialization problem

2012-08-20 Thread Xin Zhao

Thanks all for the suggestions, it helped to trace to the real problem: 
our own proxy server is misconfigured, nothing to do with openstack.

After fixing proxy server, it works.

Thanks,
Xin

On 8/17/2012 6:28 PM, Adam Young wrote:

OK, SERVICE_TOKEN is the same as --token


You can follow the steps here:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/


Specifically:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
||  *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
||  *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
||  *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
||  *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
   *|DEFAULT admin_token $SERVICE_TOKEN|*


and that should be the admin_token value that you have.

If nothing is in the log, it probably means you have not actually hit 
the right server.




On 08/17/2012 05:47 PM, Dolph Mathews wrote:
The admin_token value from keystone.conf is not a real token; it 
exists as a string in memory and has no context, user or actual roles 
associated with it (hence it does not appear in your token table).


As for your actual issue, I don't see anything obviously wrong with 
what's below. Is logging enabled & working, otherwise? Have you tried 
"verbose = True" and "debug = True"? Have you tried running that 
command from the compute node itself, rather than over the internet 
IP? What happens when you curl / GET / whatever http://of the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?


-Dolph

On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao > wrote:


Hello,

I newly install keystone on the RHEL6 machine, but it is not
working. The following command fails:

$ keystone --token 
--endpoint http://:35357/v2.0
tenant-create --name openstackDemo --description "Default Tenant"
--enabled true

Unable to communicate with identity service: (403, 'Forbidden').
(HTTP 400)

There is no relevant log in the keystone.log file.

Here is the instruction I follow:

http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html

This is done on the controller node itself. I can telnet to
:35357. I can also
log into mysql DB as keystone user, although there is no
 entry in any of the keystone tables.

Any idea what is going wrong here?

Thanks,
Xin


___
Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp




___
Mailing list:https://launchpad.net/~openstack
Post to :openstack@lists.launchpad.net
Unsubscribe :https://launchpad.net/~openstack
More help   :https://help.launchpad.net/ListHelp




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




smime.p7s
Description: S/MIME Cryptographic Signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] keystone initialization problem

2012-08-17 Thread Adam Young


OK, SERVICE_TOKEN is the same as --token


You can follow the steps here:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/


Specifically:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/1/html/Getting_Started_Guide/ch02.html#id3165390
||  *|export SERVICE_TOKEN=$(openssl rand -hex 10)|*
||  *|export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0|*
||  *|echo $SERVICE_TOKEN > /tmp/ks_admin_token|*
||  *|sudo openstack-config --set /etc/keystone/keystone.conf \|*
  *|DEFAULT admin_token $SERVICE_TOKEN|*



and that should be the admin_token value that you have.

If nothing is in the log, it probably means you have not actually hit 
the right server.




On 08/17/2012 05:47 PM, Dolph Mathews wrote:
The admin_token value from keystone.conf is not a real token; it 
exists as a string in memory and has no context, user or actual roles 
associated with it (hence it does not appear in your token table).


As for your actual issue, I don't see anything obviously wrong with 
what's below. Is logging enabled & working, otherwise? Have you tried 
"verbose = True" and "debug = True"? Have you tried running that 
command from the compute node itself, rather than over the internet 
IP? What happens when you curl / GET / whatever http://the controller node>:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?


-Dolph

On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao > wrote:


Hello,

I newly install keystone on the RHEL6 machine, but it is not
working. The following command fails:

$ keystone --token 
--endpoint http://:35357/v2.0
tenant-create --name openstackDemo --description "Default Tenant"
--enabled true

Unable to communicate with identity service: (403, 'Forbidden').
(HTTP 400)

There is no relevant log in the keystone.log file.

Here is the instruction I follow:

http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html

This is done on the controller node itself. I can telnet to
:35357. I can also
log into mysql DB as keystone user, although there is no
 entry in any of the keystone tables.

Any idea what is going wrong here?

Thanks,
Xin


___
Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp




___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] keystone initialization problem

2012-08-17 Thread Dolph Mathews

The admin_token value from keystone.conf is not a real token; it exists as
a string in memory and has no context, user or actual roles associated with
it (hence it does not appear in your token table).

As for your actual issue, I don't see anything obviously wrong with what's
below. Is logging enabled & working, otherwise? Have you tried "verbose =
True" and "debug = True"? Have you tried running that command from the
compute node itself, rather than over the internet IP? What happens when
you curl / GET / whatever http://:35357/v2.0 and/or http://127.0.0.1:35357/v2.0 ?

-Dolph

On Fri, Aug 17, 2012 at 3:26 PM, Xin Zhao  wrote:

> Hello,
>
> I newly install keystone on the RHEL6 machine, but it is not working. The
> following command fails:
>
> $ keystone --token  --endpoint
> http://:35357/v2.0 tenant-create
> --name openstackDemo --description "Default Tenant" --enabled true
>
> Unable to communicate with identity service: (403, 'Forbidden'). (HTTP 400)
>
> There is no relevant log in the keystone.log file.
>
> Here is the instruction I follow:
> http://docs.openstack.org/**essex/openstack-compute/**
> install/yum/content/setting-**up-tenants-users-and-roles.**html
>
> This is done on the controller node itself. I can telnet to  of the controller node>:35357. I can also
> log into mysql DB as keystone user, although there is no 
> entry in any of the keystone tables.
>
> Any idea what is going wrong here?
>
> Thanks,
> Xin
>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] keystone initialization problem

2012-08-17 Thread Xin Zhao


Hello,

I newly install keystone on the RHEL6 machine, but it is not working. 
The following command fails:


$ keystone --token  --endpoint 
http://:35357/v2.0 tenant-create 
--name openstackDemo --description "Default Tenant" --enabled true


Unable to communicate with identity service: (403, 'Forbidden'). (HTTP 400)

There is no relevant log in the keystone.log file.

Here is the instruction I follow:
http://docs.openstack.org/essex/openstack-compute/install/yum/content/setting-up-tenants-users-and-roles.html

This is done on the controller node itself. I can telnet to of the controller node>:35357. I can also
log into mysql DB as keystone user, although there is no  
entry in any of the keystone tables.


Any idea what is going wrong here?

Thanks,
Xin



smime.p7s
Description: S/MIME Cryptographic Signature
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] keystone initialization problem

Re: [Openstack] keystone initialization problem

Re: [Openstack] keystone initialization problem

[Openstack] keystone initialization problem

4 matches

Site Navigation

Mail list logo

Footer information