[Yahoo-eng-team] [Bug 1288506] Re: issue when I using PKI for token format

Mon, 10 Mar 2014 18:26:30 -0700 

Yes, after run keystone-manage pki_setup`  and change the correct
directory in [signing] , the issue is gone.

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1288506

Title:
  issue when I using PKI for token format

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Hi,

  I'm working under CentOS 6.4 + Havana, my keystone version is:
            openstack-keystone.noarch                         2013.2.2-1.el6  
@openstack-havana

  When I run command "keystone user-list", I get error:
           Authorization Failed: Unable to sign token. (HTTP 500)

  I can get error information in both "keystone-startup.log" and
  "keystone.log":

  2014-03-06 09:31:29.999 18693 ERROR keystone.common.cms [-] Signing error: 
Unable to load certificate - ensure you've configured PKI with 'keystone-manage 
pki_setup'
  2014-03-06 09:31:29.999 18693 ERROR keystone.token.providers.pki [-] Unable 
to sign token
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki Traceback 
(most recent call last):
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File 
"/usr/lib/python2.6/site-packages/keystone/token/providers/pki.py", line 39, in 
_get_token_id
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     
CONF.signing.keyfile)
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File 
"/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 144, in 
cms_sign_token
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     output = 
cms_sign_text(text, signing_cert_file_name, signing_key_file_name)
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki   File 
"/usr/lib/python2.6/site-packages/keystone/common/cms.py", line 139, in 
cms_sign_text
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki     raise 
environment.subprocess.CalledProcessError(retcode, "openssl")
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki 
CalledProcessError: Command 'openssl' returned non-zero exit status 3
  2014-03-06 09:31:29.999 18693 TRACE keystone.token.providers.pki
  2014-03-06 09:31:30.000 18693 WARNING keystone.common.wsgi [-] Unable to sign 
token.
  ~


  Anyone know why this happened ???

  
  Thanks.
  -chen

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1288506/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to