Hi Eugen, I tried pike initially. When that didn't work, I thought I'll use the documentation for queens. Is there a way to undo the keystone config and start over again? I want to start afresh.
On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block <ebl...@nde.ag> wrote: > Your first email pionted to the pike install guide which mentions > admin-url port 35357. > > I'm trying to install keystone for my swift cluster. >> I followed this document for install and configuration: >> https://docs.openstack.org/keystone/pike/install/ >> > > So now you're trying to install queens release? You should stay consistent > and use only one guide to follow, although it seems like the ubuntu guide > is wrong at this point. The other guides for Q (RedHat and SUSE) point to > the admin-url port 35357, not port 5000. And the ubuntu guide for Pike > release also points to 35357 again, so this is probably a bug. > > You should fix this prior to any further steps. > > > > Zitat von Shyam Prasad N <nspmangal...@gmail.com>: > > Here is the documentation page I followed: >> https://docs.openstack.org/keystone/queens/install/keystone- >> install-ubuntu.html >> >> On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N <nspmangal...@gmail.com> >> wrote: >> >> Hi Eugen, >>> >>> Ignore the different IPs. I had tried keystone install on two different >>> systems. The old admin-rc script was from the other node. >>> >>> As per the port numbers, I followed what was in the documentation: >>> Bootstrap the Identity service: >>> # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ >>> --bootstrap-admin-url http://controller:5000/v3/ \ >>> --bootstrap-internal-url http://controller:5000/v3/ \ >>> --bootstrap-public-url http://controller:5000/v3/ \ >>> --bootstrap-region-id RegionOne >>> >>> Regards, >>> Shyam >>> >>> On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <ebl...@nde.ag> wrote: >>> >>> Hi, >>>> >>>> I found some differences between your bootstrap command and your >>>> admin-rc >>>> credentials: >>>> >>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>> >>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>> >>>>> >>>> You use two different IPs for your controller node, this can't work. >>>> Another thing is, you usually have to create one admin endpoint (port >>>> 35357) and a public endpoint (port 5000), you use the public port for >>>> both >>>> endpoints. This could work, of course, although not recommended. But >>>> then >>>> you have to change your admin-rc credentials respectively. They should >>>> reflect the configuration you bootstrapped with keystone-manage. >>>> >>>> Change your admin-rc to point to the correct IP and the correct port, >>>> then retry the domain list command after sourcing the credentials. >>>> >>>> >>>> >>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>> >>>> Hi, >>>> >>>>> >>>>> Sorry for the late reply. Was out for a while. >>>>> >>>>> # openstack domain list >>>>> The request you have made requires authentication. (HTTP 401) >>>>> (Request-ID: >>>>> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) >>>>> >>>>> # tail /var/log/keystone/keystone-manage.log >>>>> # >>>>> >>>>> # keystone-manage bootstrap --bootstrap-password PASSWORD >>>>> --bootstrap-admin-url http://20.20.20.8:5000/v3/ >>>>> --bootstrap-internal-url >>>>> http://20.20.20.8:5000/v3/ --bootstrap-public-url >>>>> http://20.20.20.8:5000/v3/ >>>>> --bootstrap-region-id RegionOne >>>>> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] >>>>> Deprecated: Use of the identity driver config to automatically >>>>> configure >>>>> the same assignment driver has been deprecated, in the "O" release, the >>>>> assignment driver will need to be expicitly configured if different >>>>> than >>>>> the default (SQL). >>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>> already exists, skipping creation. >>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>> exists, >>>>> skipping creation. >>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> has >>>>> admin on admin. >>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>> endpoint as already created >>>>> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 >>>>> 18518 >>>>> WARNING keystone.assignment.core [-] Deprecated: Use of the identity >>>>> driver >>>>> config to automatically configure the same assignment driver has been >>>>> deprecated, in the "O" release, the assignment driver will need to be >>>>> expicitly configured if different than the default (SQL). >>>>> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default >>>>> already exists, skipping creation. >>>>> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin >>>>> exists, >>>>> skipping creation. >>>>> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin >>>>> already >>>>> has >>>>> admin on admin. >>>>> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne >>>>> exists, skipping creation. >>>>> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal >>>>> endpoint as already created >>>>> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli >>>>> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public >>>>> endpoint as already created >>>>> # >>>>> >>>>> >>>>> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <ebl...@nde.ag> wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> the bug I reported is invalid because the keystone-bootstrap command >>>>>> is >>>>>> supposed to create the default domain. Since we created our cloud in >>>>>> Liberty release the default domain already existed in our environment. >>>>>> Well, I guess we're back to square one. ;-) >>>>>> >>>>>> Can you paste the output of >>>>>> >>>>>> control:~ # openstack domain list >>>>>> >>>>>> If the keystone bootstrap command worked, it should at least show the >>>>>> default domain. If it doesn't take a look into >>>>>> /var/log/keystone/keystone-manage.log and check for errors. If this >>>>>> doesn't reveal anything try running it again and check the logs again. >>>>>> >>>>>> >>>>>> Zitat von Eugen Block <ebl...@nde.ag>: >>>>>> >>>>>> >>>>>> The missing command has been in Newton, Ocata and Pike release. They >>>>>> fixed >>>>>> >>>>>> it in Queens again. >>>>>>> >>>>>>> I filed a bug report: https://bugs.launchpad.net/key >>>>>>> stone/+bug/1763297 >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> >>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>> >>>>>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone >>>>>>> through >>>>>>> >>>>>>> the bug reporting documentation) >>>>>>>> Please add me to the bug's CC list. That way if some info is needed >>>>>>>> from >>>>>>>> me, I can provide it. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Shyam >>>>>>>> >>>>>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <ebl...@nde.ag> >>>>>>>> wrote: >>>>>>>> >>>>>>>> I believe there's something missing in Ocata and Pike docs. If you >>>>>>>> read >>>>>>>> >>>>>>>> Mitaka install guide [1] you'll find the first step to be creating >>>>>>>>> the >>>>>>>>> default domain before all other steps regarding projects and users. >>>>>>>>> >>>>>>>>> You should run >>>>>>>>> >>>>>>>>> openstack domain create --description "Default Domain" default >>>>>>>>> >>>>>>>>> and then the next steps should work, at least I hope so. >>>>>>>>> >>>>>>>>> Do you want to report this as a bug? I can also report it, I have >>>>>>>>> already >>>>>>>>> filed several reports. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> >>>>>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone >>>>>>>>> -users.html >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> Please read my replies inline below... >>>>>>>>>> >>>>>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <ebl...@nde.ag> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> can you paste the credentials you're using? >>>>>>>>>>> >>>>>>>>>>> # cat admin-rc >>>>>>>>>>> >>>>>>>>>>> export OS_USERNAME=admin >>>>>>>>>>> >>>>>>>>>> export OS_PASSWORD=abcdef >>>>>>>>>> export OS_PROJECT_NAME=admin >>>>>>>>>> export OS_USER_DOMAIN_NAME=Default >>>>>>>>>> export OS_PROJECT_DOMAIN_NAME=Default >>>>>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3 >>>>>>>>>> export OS_IDENTITY_API_VERSION=3 >>>>>>>>>> >>>>>>>>>> The config values (e.g. domain) are case sensitive, the ID of the >>>>>>>>>> default >>>>>>>>>> >>>>>>>>>> domain is usually "domain", its name is "Default". But if you're >>>>>>>>>> >>>>>>>>>> sourcing >>>>>>>>>>> the credentials with ID "Default" this would go wrong, although >>>>>>>>>>> I'm >>>>>>>>>>> not >>>>>>>>>>> sure if this would be the expected error message. >>>>>>>>>>> >>>>>>>>>>> Just a couple of weeks ago there was someone on >>>>>>>>>>> ask.openstack.org >>>>>>>>>>> who >>>>>>>>>>> ignored case-sensitive options and failed to operate his cloud. >>>>>>>>>>> >>>>>>>>>>> Did the keystone-manage bootstrap command work? >>>>>>>>>>> >>>>>>>>>>> Yes. It did not throw any errors. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Regards >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Zitat von Shyam Prasad N <nspmangal...@gmail.com>: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I'm trying to install keystone for my swift cluster. >>>>>>>>>>> >>>>>>>>>>>> I followed this document for install and configuration: >>>>>>>>>>>> https://docs.openstack.org/keystone/pike/install/ >>>>>>>>>>>> >>>>>>>>>>>> However, I'm getting this error for a command: >>>>>>>>>>>> # openstack user create --domain default --password-prompt swift >>>>>>>>>>>> The request you have made requires authentication. (HTTP 401) >>>>>>>>>>>> (Request-ID: >>>>>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) >>>>>>>>>>>> >>>>>>>>>>>> # tail /var/log/keystone/keystone.log >>>>>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi >>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET >>>>>>>>>>>> http://20.20.20.7:35357/v3/ >>>>>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server >>>>>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 >>>>>>>>>>>> - - >>>>>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 >>>>>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST >>>>>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not >>>>>>>>>>>> find >>>>>>>>>>>> domain: >>>>>>>>>>>> Default >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> Traceback >>>>>>>>>>>> (most recent call last): >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers. >>>>>>>>>>>> py", >>>>>>>>>>>> line >>>>>>>>>>>> 185, >>>>>>>>>>>> in _lookup_domain >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> domain_name) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", >>>>>>>>>>>> line >>>>>>>>>>>> 124, >>>>>>>>>>>> in >>>>>>>>>>>> wrapped >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> __ret_val >>>>>>>>>>>> = __f(*args, **kwargs) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 1053, >>>>>>>>>>>> in >>>>>>>>>>>> decorate >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> should_cache_fn) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 657, >>>>>>>>>>>> in >>>>>>>>>>>> get_or_create >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> async_creator) as value: >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 158, >>>>>>>>>>>> in >>>>>>>>>>>> __enter__ >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> return >>>>>>>>>>>> self._enter() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 98, in >>>>>>>>>>>> _enter >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> generated >>>>>>>>>>>> = self._enter_create(createdtime) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", >>>>>>>>>>>> line >>>>>>>>>>>> 149, >>>>>>>>>>>> in >>>>>>>>>>>> _enter_create >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> created >>>>>>>>>>>> = >>>>>>>>>>>> self.creator() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 625, >>>>>>>>>>>> in >>>>>>>>>>>> gen_value >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> created_value = creator() >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", >>>>>>>>>>>> line >>>>>>>>>>>> 1049, >>>>>>>>>>>> in >>>>>>>>>>>> creator >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> return >>>>>>>>>>>> fn(*arg, **kw) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> File >>>>>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", >>>>>>>>>>>> line >>>>>>>>>>>> 720, >>>>>>>>>>>> in >>>>>>>>>>>> get_domain_by_name >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> raise >>>>>>>>>>>> exception.DomainNotFound(domain_id=domain_name) >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> DomainNotFound: Could not find domain: Default >>>>>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers >>>>>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] >>>>>>>>>>>> Authorization >>>>>>>>>>>> failed. >>>>>>>>>>>> The request you have made requires authentication. from >>>>>>>>>>>> 20.20.20.7 >>>>>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server >>>>>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 >>>>>>>>>>>> - - >>>>>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 >>>>>>>>>>>> 0.113822 >>>>>>>>>>>> >>>>>>>>>>>> Can someone please tell me what's going on? >>>>>>>>>>>> Thanks in advance for your replies. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>> >>>> >>> >>> -- >>> -Shyam >>> >>> >> >> >> -- >> -Shyam >> > > > > -- -Shyam
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
