This issue is caused by keystone listening globally for the public url (port 5000) but only on localhost for 35357. I poked a little more and found the cause.
Setting SERVICE_HOST in localrc causes devstack to produce these values in keystone.conf: admin_bind_host = dkranz-devstack admin_endpoint = http://dkranz-devstack:%(admin_port)s/ public_endpoint = http://dkranz-devstack:%(public_port)s/ I thought the purpose of this env variable was to make the catalog expose endpoints that are accessible from outside the devstack machine so it is surprising this also sets the bind host which makes it not accessible off the local machine. Is this behaviour intentional? ** Also affects: devstack Importance: Undecided Status: New ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1283803 Title: keystone listens locally on admin port Status in devstack - openstack dev environments: New Status in OpenStack Identity (Keystone): Invalid Bug description: I installed a vanilla devstack except for setting SERVICE_HOST in localrc so I could run tempest from another machine. Tempest fails trying to connect to adminURL and it seems to be because port 35357 is only open locally. The conf file comment says: # The base admin endpoint URL for keystone that are advertised # to clients (NOTE: this does NOT affect how keystone listens # for connections) (string value) #admin_endpoint=http://localhost:%(admin_port)s/ But this from netstat. I would expect 35357 to be the same as the others. It is also possible this is a devstack issue but I'm not sure so starting here. Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:iscsi-target *:* LISTEN tcp 0 0 *:40956 *:* LISTEN tcp 0 0 localhost:35357 *:* LISTEN tcp 0 0 *:6080 *:* LISTEN tcp 0 0 *:6081 *:* LISTEN tcp 0 0 *:3333 *:* LISTEN tcp 0 0 *:8773 *:* LISTEN tcp 0 0 *:8774 *:* LISTEN tcp 0 0 *:8775 *:* LISTEN tcp 0 0 *:9191 *:* LISTEN tcp 0 0 *:8776 *:* LISTEN tcp 0 0 *:5000 *:* LISTEN ... elided ... And catalog:+-------------+-----------------------------------+ | Property | Value | +-------------+-----------------------------------+ | adminURL | http://dkranz-devstack:35357/v2.0 | | id | 39932d3dcf4340a98727294ed5ec71b8 | | internalURL | http://dkranz-devstack:5000/v2.0 | | publicURL | http://dkranz-devstack:5000/v2.0 | | region | RegionOne | +-------------+-----------------------------------+ To manage notifications about this bug go to: https://bugs.launchpad.net/devstack/+bug/1283803/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
