Public bug reported:
Running devstack in fresh Ubuntu 12.04 virtual machine with:
$ cat local_rc
KEYSTONE_TOKEN_FORMAT=UUID
...fails to start Keystone. Despite being configured for the UUID
provider, keystone attempts to read
`/etc/keystone/ssl/certs/signing_cert.pem` and fails (because it doesn't
exist):
2014-04-25 10:36:25.289 INFO eventlet.wsgi.server [-] 192.168.121.46 - -
[25/Apr/2014 10:36:25] "GET /v2.0/tokens/69da781ae31c405e9aaa7adbf8f6f806
HTTP/1.1" 200 3988 0.009096
2014-04-25 10:36:25.294 DEBUG keystone.middleware.core [-] RBAC: auth_context:
{'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id':
u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'_member_', u'service
']} from (pid=13334) process_request
/opt/stack/keystone/keystone/middleware/core.py:281
2014-04-25 10:36:25.296 DEBUG keystone.common.wsgi [-] arg_dict: {} from
(pid=13334) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
2014-04-25 10:36:25.296 DEBUG keystone.common.controller [-] RBAC: Authorizing
identity:revocation_list() from (pid=13334) _build_policy_check_credentials
/opt/stack/keystone/keystone/common/controller.py:54
2014-04-25 10:36:25.297 DEBUG keystone.common.controller [-] RBAC: using auth
context from the request environment from (pid=13334)
_build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.
py:59
2014-04-25 10:36:25.297 DEBUG keystone.policy.backends.rules [-] enforce
identity:revocation_list: {'project_id': u'7fab1d7a9ba741208bd748749a394902',
'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'
_member_', u'service']} from (pid=13334) enforce
/opt/stack/keystone/keystone/policy/backends/rules.py:101
2014-04-25 10:36:25.297 DEBUG keystone.openstack.common.policy [-] Rule
identity:revocation_list will be now enforced from (pid=13334) enforce
/opt/stack/keystone/keystone/openstack/common/policy.py:287
2014-04-25 10:36:25.298 DEBUG keystone.common.controller [-] RBAC:
Authorization granted from (pid=13334) inner
/opt/stack/keystone/keystone/common/controller.py:151
2014-04-25 10:36:25.309 ERROR keystoneclient.common.cms [-] Signing error:
Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140424564475552:error:02001002:system library:fopen:No such file or
directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
140424564475552:error:20074002:BIO routines:FILE_CTRL:system
lib:bss_file.c:400:
unable to load certificate
2014-04-25 10:36:25.310 ERROR keystone.common.wsgi [-] Command 'openssl'
returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi Traceback (most recent call
last):
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/wsgi.py", line 207, in __call__
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi result = method(context,
**params)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/controller.py", line 152, in inner
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi return f(self, context,
*args, **kwargs)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/token/controllers.py", line 436, in
revocation_list
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CONF.signing.keyfile)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/python-keystoneclient/keystoneclient/common/cms.py", line 251, in
cms_sign_text
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi raise
subprocess.CalledProcessError(retcode, 'openssl')
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CalledProcessError: Command
'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi
2014-04-25 10:36:25.316 INFO eventlet.wsgi.server [-] 192.168.121.46 - -
[25/Apr/2014 10:36:25] "GET /v2.0/tokens/revoked HTTP/1.1" 500 341 0.024887
https://asciinema.org/a/9116
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1312858
Title:
Keystone + Devstack fail when KEYSTONE_TOKEN_FORMAT=UUID
Status in OpenStack Identity (Keystone):
New
Bug description:
Running devstack in fresh Ubuntu 12.04 virtual machine with:
$ cat local_rc
KEYSTONE_TOKEN_FORMAT=UUID
...fails to start Keystone. Despite being configured for the UUID
provider, keystone attempts to read
`/etc/keystone/ssl/certs/signing_cert.pem` and fails (because it
doesn't exist):
2014-04-25 10:36:25.289 INFO eventlet.wsgi.server [-] 192.168.121.46 - -
[25/Apr/2014 10:36:25] "GET /v2.0/tokens/69da781ae31c405e9aaa7adbf8f6f806
HTTP/1.1" 200 3988 0.009096
2014-04-25 10:36:25.294 DEBUG keystone.middleware.core [-] RBAC:
auth_context: {'project_id': u'7fab1d7a9ba741208bd748749a394902', 'user_id':
u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'_member_', u'service
']} from (pid=13334) process_request
/opt/stack/keystone/keystone/middleware/core.py:281
2014-04-25 10:36:25.296 DEBUG keystone.common.wsgi [-] arg_dict: {} from
(pid=13334) __call__ /opt/stack/keystone/keystone/common/wsgi.py:181
2014-04-25 10:36:25.296 DEBUG keystone.common.controller [-] RBAC:
Authorizing identity:revocation_list() from (pid=13334)
_build_policy_check_credentials
/opt/stack/keystone/keystone/common/controller.py:54
2014-04-25 10:36:25.297 DEBUG keystone.common.controller [-] RBAC: using auth
context from the request environment from (pid=13334)
_build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.
py:59
2014-04-25 10:36:25.297 DEBUG keystone.policy.backends.rules [-] enforce
identity:revocation_list: {'project_id': u'7fab1d7a9ba741208bd748749a394902',
'user_id': u'8d21c5353bdd4eb7a1a805cb3b7fd1b2', 'roles': [u'
_member_', u'service']} from (pid=13334) enforce
/opt/stack/keystone/keystone/policy/backends/rules.py:101
2014-04-25 10:36:25.297 DEBUG keystone.openstack.common.policy [-] Rule
identity:revocation_list will be now enforced from (pid=13334) enforce
/opt/stack/keystone/keystone/openstack/common/policy.py:287
2014-04-25 10:36:25.298 DEBUG keystone.common.controller [-] RBAC:
Authorization granted from (pid=13334) inner
/opt/stack/keystone/keystone/common/controller.py:151
2014-04-25 10:36:25.309 ERROR keystoneclient.common.cms [-] Signing error:
Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
140424564475552:error:02001002:system library:fopen:No such file or
directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
140424564475552:error:20074002:BIO routines:FILE_CTRL:system
lib:bss_file.c:400:
unable to load certificate
2014-04-25 10:36:25.310 ERROR keystone.common.wsgi [-] Command 'openssl'
returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi Traceback (most recent
call last):
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/wsgi.py", line 207, in __call__
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi result =
method(context, **params)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/common/controller.py", line 152, in inner
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi return f(self,
context, *args, **kwargs)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/keystone/keystone/token/controllers.py", line 436, in
revocation_list
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CONF.signing.keyfile)
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi File
"/opt/stack/python-keystoneclient/keystoneclient/common/cms.py", line 251, in
cms_sign_text
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi raise
subprocess.CalledProcessError(retcode, 'openssl')
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi CalledProcessError:
Command 'openssl' returned non-zero exit status 3
2014-04-25 10:36:25.310 TRACE keystone.common.wsgi
2014-04-25 10:36:25.316 INFO eventlet.wsgi.server [-] 192.168.121.46 - -
[25/Apr/2014 10:36:25] "GET /v2.0/tokens/revoked HTTP/1.1" 500 341 0.024887
https://asciinema.org/a/9116
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1312858/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
