Thanks all, specially Rahul, I solved the problem temporarily by disabling selinux.
On 3 November 2015 at 07:43, 张家龙 <zhan...@awcloud.com> wrote: > Maybe, you should do like follows: > > chown -R keystone:keystone /etc/keystone > > Then, restart the keystone service: > > systemctl restart openstack-keystone > > > > > > ------------------ > Best Regards > > ZhangJialong > > > > ------------------ Original ------------------ > *From: * "Adam Young"<ayo...@redhat.com>; > *Date: * Tue, Nov 3, 2015 11:01 AM > *To: * "openstack"<openstack@lists.openstack.org>; > *Subject: * Re: [Openstack] Keystone Fernet Token > > On 10/28/2015 02:23 PM, Reza Bakhshayeshi wrote: > > Hi all, > > I'm going to use fernet token on OpenStack Kilo (only Keystone service is > installed), > I've configured keystone.conf like: > > [token] > provider = keystone.token.providers.fernet.Provider > > when I'm running: > keystone-manage fernet_setup --keystone-user keystone --keystone-group > keystone > > keys creating successfully in /etc/keystone/fernet-keys directory. > But when I'm going to creating a token I receive the following error, here > is the complete log: > > 2015-10-28 21:22:14.680 65218 INFO keystone.common.wsgi [-] GET /? > 2015-10-28 23:50:25.343 9377 INFO keystone.token.providers.fernet.utils > [-] [fernet_tokens] key_repository does not appear to exist; attempting to > create it > 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils > [-] Created a new key: /etc/keystone/fernet-keys/0 > 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils > [-] Starting key rotation with 1 key files: ['/etc/keystone/fernet-keys/0'] > 2015-10-28 23:50:25.344 9377 INFO keystone.token.providers.fernet.utils > [-] Current primary key is: 0 > 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils > [-] Next primary key will be: 1 > 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils > [-] Promoted key 0 to be the primary: 1 > 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils > [-] Created a new key: /etc/keystone/fernet-keys/0 > 2015-10-28 23:50:25.345 9377 INFO keystone.token.providers.fernet.utils > [-] Excess keys to purge: [] > 2015-10-28 23:50:52.632 8059 INFO keystone.common.wsgi [-] POST /tokens? > 2015-10-28 23:50:52.889 8059 ERROR keystone.token.providers.fernet.utils > [-] Either [fernet_tokens] key_repository does not exist or Keystone does > not have sufficient permission to access it: /etc/keystone/fernet-keys/ > 2015-10-28 23:50:52.890 8059 WARNING keystone.common.wsgi [-] No > encryption keys found; run keystone-manage fernet_setup to bootstrap one. > > while the permissions seem to be correct: > > # ls -lah /etc/keystone/ > total 104K > drwxr-x---. 3 root keystone 4.0K Oct 28 23:50 . > drwxr-xr-x. 143 root root 12K Oct 28 12:56 .. > -rw-r-----. 1 root keystone 1.5K Jul 29 00:21 > default_catalog.templates > drwx------. 2 keystone keystone 4.0K Oct 28 23:50 fernet-keys > -rw-r-----. 1 root keystone 57K Oct 28 23:48 keystone.conf > -rw-r-----. 1 root keystone 1.1K Jul 29 00:21 logging.conf > -rw-r-----. 1 keystone keystone 8.6K Jul 29 00:21 policy.json > -rw-r-----. 1 keystone keystone 665 Jul 29 00:21 > sso_callback_template.html > > What am I missing? > > > No idea. When I get into these situations, I use rpdb; > > http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/ > > > Is there anything in /etc/keystone/fernet-keys ? > > > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
