Maybe, you should do like follows:
chown -R keystone:keystone /etc/keystone
Then, restart the keystone service:
systemctl restart openstack-keystone
------------------
Best Regards
ZhangJialong
------------------ Original ------------------
From: "Adam Young"<ayo...@redhat.com>;
Date: Tue, Nov 3, 2015 11:01 AM
To: "openstack"<openstack@lists.openstack.org>;
Subject: Re: [Openstack] Keystone Fernet Token
On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote:
Hi all,
I'm going to use fernet token on OpenStack Kilo (only Keystone
service is installed),
I've configured keystone.conf like:
[token]
provider = keystone.token.providers.fernet.Provider
when I'm running:
keystone-manage fernet_setup --keystone-user keystone
--keystone-group keystone
keys creating successfully in /etc/keystone/fernet-keys
directory.
But when I'm going to creating a token I receive the following
error, here is the complete log:
2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-]
GET /?
2015-10-28 23:50:25.343 9377 INFO
keystone.token.providers.fernet.utils [-] [fernet_tokens]
key_repository does not appear to exist; attempting to create it
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Created a new key:
/etc/keystone/fernet-keys/0
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Starting key rotation with
1 key files: ['/etc/keystone/fernet-keys/0']
2015-10-28 23:50:25.344 9377 INFO
keystone.token.providers.fernet.utils [-] Current primary key is: 0
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Next primary key will be: 1
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Promoted key 0 to be the
primary: 1
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Created a new key:
/etc/keystone/fernet-keys/0
2015-10-28 23:50:25.345 9377 INFO
keystone.token.providers.fernet.utils [-] Excess keys to purge: []
2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-]
POST /tokens?
2015-10-28 23:50:52.889 8059 ERROR
keystone.token.providers.fernet.utils [-] Either [fernet_tokens]
key_repository does not exist or Keystone does not have sufficient
permission to access it: /etc/keystone/fernet-keys/
2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-]
No encryption keys found; run keystone-manage fernet_setup to
bootstrap one.
while the permissions seem to be correct:
# ls -lah /etc/keystone/
total 104K
drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 .
drwxr-xr-x. 143 root root 12K Oct 28 12:56 ..
-rw-r-----. 1 root keystone 1.5K Jul 29 00:21
default_catalog.templates
drwx------. 2 keystone keystone 4.0K Oct 28 23:50
fernet-keys
-rw-r-----. 1 root keystone 57K Oct 28 23:48
keystone.conf
-rw-r-----. 1 root keystone 1.1K Jul 29 00:21
logging.conf
-rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21
policy.json
-rw-r-----. 1 keystone keystone 665 Jul 29 00:21
sso_callback_template.html
What am I missing?
No idea. When I get into these situations, I use rpdb;
http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/
Is there anything in /etc/keystone/fernet-keys ?
_______________________________________________ Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to :
openstack@lists.openstack.org Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
