Here is the documentation page I followed: https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html
On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N <nspmangal...@gmail.com> wrote: > Hi Eugen, > > Ignore the different IPs. I had tried keystone install on two different > systems. The old admin-rc script was from the other node. > > As per the port numbers, I followed what was in the documentation: > Bootstrap the Identity service: > # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ > --bootstrap-admin-url http://controller:5000/v3/ \ > --bootstrap-internal-url http://controller:5000/v3/ \ > --bootstrap-public-url http://controller:5000/v3/ \ > --bootstrap-region-id RegionOne > > Regards, > Shyam > > On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <ebl...@nde.ag> wrote: > >> Hi, >> >> I found some differences between your bootstrap command and your admin-rc >> credentials: >> >> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>> >> >> You use two different IPs for your controller node, this can't work. >> Another thing is, you usually have to create one admin endpoint (port >> 35357) and a public endpoint (port 5000), you use the public port for both >> endpoints. This could work, of course, although not recommended. But then >> you have to change your admin-rc credentials respectively. They should >> reflect the configuration you bootstrapped with keystone-manage. >> >> Change your admin-rc to point to the correct IP and the correct port, >> then retry the domain list command after sourcing the credentials. >> >> >> >> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >> >> Hi, >>> >>> Sorry for the late reply. Was out for a while. >>> >>> # openstack domain list >>> The request you have made requires authentication. (HTTP 401) >>> (Request-ID: >>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>> >>> # tail /var/log/keystone/keystone-manage.log >>> # >>> >>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>> --bootstrap-internal-url >>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>> http://20.20.20.8:5000/v3/ >>> --bootstrap-region-id RegionOne >>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>> Deprecated: Use of the identity driver config to automatically configure >>> the same assignment driver has been deprecated, in the "O" release, the >>> assignment driver will need to be expicitly configured if different than >>> the default (SQL). >>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>> already exists, skipping creation. >>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>> already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>> skipping creation. >>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> has >>> admin on admin. >>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>> exists, skipping creation. >>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>> endpoint as already created >>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>> 18518 >>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>> driver >>> config to automatically configure the same assignment driver has been >>> deprecated, in the "O" release, the assignment driver will need to be >>> expicitly configured if different than the default (SQL). >>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>> already exists, skipping creation. >>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>> already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> exists, skipping creation. >>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, >>> skipping creation. >>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already >>> has >>> admin on admin. >>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>> exists, skipping creation. >>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>> endpoint as already created >>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>> endpoint as already created >>> # >>> >>> >>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <ebl...@nde.ag> wrote: >>> >>> Hi, >>>> >>>> the bug I reported is invalid because the keystone-bootstrap command is >>>> supposed to create the default domain. Since we created our cloud in >>>> Liberty release the default domain already existed in our environment. >>>> Well, I guess we're back to square one. ;-) >>>> >>>> Can you paste the output of >>>> >>>> control:~ # openstack domain list >>>> >>>> If the keystone bootstrap command worked, it should at least show the >>>> default domain. If it doesn't take a look into >>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>> doesn't reveal anything try running it again and check the logs again. >>>> >>>> >>>> Zitat von Eugen Block <ebl...@nde.ag>: >>>> >>>> >>>> The missing command has been in Newton, Ocata and Pike release. They >>>> fixed >>>> >>>>> it in Queens again. >>>>> >>>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 >>>>> >>>>> Regards >>>>> >>>>> >>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>> >>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>> through >>>>> >>>>>> the bug reporting documentation) >>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>> from >>>>>> me, I can provide it. >>>>>> >>>>>> Regards, >>>>>> Shyam >>>>>> >>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <ebl...@nde.ag> wrote: >>>>>> >>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>> read >>>>>> >>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>> the >>>>>>> default domain before all other steps regarding projects and users. >>>>>>> >>>>>>> You should run >>>>>>> >>>>>>> openstack domain create --description "Default Domain" default >>>>>>> >>>>>>> and then the next steps should work, at least I hope so. >>>>>>> >>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>> already >>>>>>> filed several reports. >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> >>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>> -users.html >>>>>>> >>>>>>> >>>>>>> >>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> Please read my replies inline below... >>>>>>>> >>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <ebl...@nde.ag> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> can you paste the credentials you're using? >>>>>>>>> >>>>>>>>> # cat admin-rc >>>>>>>>> >>>>>>>>> export OS_USERNAME=admin >>>>>>>> export OS_PASSWORD=abcdef >>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>> >>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>> default >>>>>>>> >>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>> >>>>>>>>> sourcing >>>>>>>>> the credentials with ID "Default" this would go wrong, although I'm >>>>>>>>> not >>>>>>>>> sure if this would be the expected error message. >>>>>>>>> >>>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org >>>>>>>>> who >>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>> >>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>> >>>>>>>>> Yes. It did not throw any errors. >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>>>> >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>> >>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>> (Request-ID: >>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>> >>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>> - - >>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>> find >>>>>>>>>> domain: >>>>>>>>>> Default >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> Traceback >>>>>>>>>> (most recent call last): >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", >>>>>>>>>> line >>>>>>>>>> 185, >>>>>>>>>> in _lookup_domain >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> domain_name) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>> line >>>>>>>>>> 124, >>>>>>>>>> in >>>>>>>>>> wrapped >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> __ret_val >>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 1053, >>>>>>>>>> in >>>>>>>>>> decorate >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> should_cache_fn) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 657, >>>>>>>>>> in >>>>>>>>>> get_or_create >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> async_creator) as value: >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 158, >>>>>>>>>> in >>>>>>>>>> __enter__ >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> return >>>>>>>>>> self._enter() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 98, in >>>>>>>>>> _enter >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> generated >>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line >>>>>>>>>> 149, >>>>>>>>>> in >>>>>>>>>> _enter_create >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> created >>>>>>>>>> = >>>>>>>>>> self.creator() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 625, >>>>>>>>>> in >>>>>>>>>> gen_value >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> created_value = creator() >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line >>>>>>>>>> 1049, >>>>>>>>>> in >>>>>>>>>> creator >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> return >>>>>>>>>> fn(*arg, **kw) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> File >>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>> line >>>>>>>>>> 720, >>>>>>>>>> in >>>>>>>>>> get_domain_by_name >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> raise >>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>> Authorization >>>>>>>>>> failed. >>>>>>>>>> The request you have made requires authentication. from 20.20.20.7 >>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>> - - >>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>> 0.113822 >>>>>>>>>> >>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>> >>>>>>>>>> >> >> > > > -- > -Shyam > -- -Shyam
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
