Brad, The following to turn off SSL and PKI.
Mark ------------------------- [ssl] enable = False #certfile = /etc/keystone/ssl/certs/keystone.pem #keyfile = /etc/keystone/ssl/private/keystonekey.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #cert_required = True [signing] token_format = UUID #token_format = PKI #certfile = /etc/keystone/ssl/certs/signing_cert.pem #keyfile = /etc/keystone/ssl/private/signing_key.pem #ca_certs = /etc/keystone/ssl/certs/ca.pem #key_size = 1024 #valid_days = 3650 #ca_password = None -----Original Message----- From: openstack-bounces+mark.m.miller=hp....@lists.launchpad.net [mailto:openstack-bounces+mark.m.miller=hp....@lists.launchpad.net] On Behalf Of Brad Knowles Sent: Tuesday, March 05, 2013 10:45 AM To: Koert van der Veer Cc: <openstack@lists.launchpad.net> Subject: Re: [Openstack] keystone help! keystone stop/waiting On Mar 5, 2013, at 12:32 PM, Koert van der Veer <ko...@cloudvps.com> quoted Mballo Cherif: >> $ sudo service keystone start >> keystone start/running, process 15335 >> $ sudo service keystone status >> keystone stop/waiting >> >> How can I fix this? I'm having a similar problem with a grizzly front-end that I'm trying to get running. Turning up the logging detail with debug and verbose in /etc/keystone/keystone.conf, I can see that ssl is turned off but signing is turned on. Here's slices from /var/log/keystone/keystone.log: > 2013-03-05 12:20:16 DEBUG [keystone-all] ssl.ca_certs = > None > 2013-03-05 12:20:16 DEBUG [keystone-all] ssl.cert_required = > False > 2013-03-05 12:20:16 DEBUG [keystone-all] ssl.certfile = > None > 2013-03-05 12:20:16 DEBUG [keystone-all] ssl.enable = > False > 2013-03-05 12:20:16 DEBUG [keystone-all] ssl.keyfile = > None > > [ ... deletia ... ] > > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.ca_certs = > /etc/keystone/ssl/certs/ca.pem > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.ca_password = > None > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.certfile = > /etc/keystone/ssl/certs/signing_cert.pem > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.key_size = > 1024 > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.keyfile = > /etc/keystone/ssl/private/signing_key.pem > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.token_format = > PKI > 2013-03-05 12:20:16 DEBUG [keystone-all] signing.valid_days = > 3650 In contrast, here are the corresponding sections from /etc/keystone/keystone.conf: > [ssl] > #enable = True > #certfile = /etc/keystone/ssl/certs/keystone.pem > #keyfile = /etc/keystone/ssl/private/keystonekey.pem > #ca_certs = /etc/keystone/ssl/certs/ca.pem > #cert_required = True > > [signing] > #token_format = PKI > #certfile = /etc/keystone/ssl/certs/signing_cert.pem > #keyfile = /etc/keystone/ssl/private/signing_key.pem > #ca_certs = /etc/keystone/ssl/certs/ca.pem > #key_size = 1024 > #valid_days = 3650 > #ca_password = None So, it looks to me like both ssl and signing are commented out (and turned off) in /etc/keystone/keystone.conf, but the log file is telling me that signing is actually turned on. I'm sure you can imagine the problems that result from having signing turned on, but no /etc/keystone/ssl directory, much less anything under that hierarchy. So, have I missed something obvious? Is there any other debugging info that I can provide that would be useful? -- Brad Knowles <bknow...@momentumsi.com> Senior Consultant _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
