Start from fresh! I would suggest to check into RDO, PackStack or Tripleo.
My 2 cents. Remo > On Apr 16, 2018, at 1:16 PM, Shyam Prasad N <[email protected]> wrote: > > Hi Eugen, > I tried pike initially. When that didn't work, I thought I'll use the > documentation for queens. > Is there a way to undo the keystone config and start over again? I want to > start afresh. > > On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block <[email protected] > <mailto:[email protected]>> wrote: > Your first email pionted to the pike install guide which mentions admin-url > port 35357. > > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ > <https://docs.openstack.org/keystone/pike/install/> > > So now you're trying to install queens release? You should stay consistent > and use only one guide to follow, although it seems like the ubuntu guide is > wrong at this point. The other guides for Q (RedHat and SUSE) point to the > admin-url port 35357, not port 5000. And the ubuntu guide for Pike release > also points to 35357 again, so this is probably a bug. > > You should fix this prior to any further steps. > > > > Zitat von Shyam Prasad N <[email protected] > <mailto:[email protected]>>: > > Here is the documentation page I followed: > https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html > > <https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html> > > On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N <[email protected] > <mailto:[email protected]>> > wrote: > > Hi Eugen, > > Ignore the different IPs. I had tried keystone install on two different > systems. The old admin-rc script was from the other node. > > As per the port numbers, I followed what was in the documentation: > Bootstrap the Identity service: > # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ > --bootstrap-admin-url http://controller:5000/v3/ <http://controller:5000/v3/> > \ > --bootstrap-internal-url http://controller:5000/v3/ > <http://controller:5000/v3/> \ > --bootstrap-public-url http://controller:5000/v3/ > <http://controller:5000/v3/> \ > --bootstrap-region-id RegionOne > > Regards, > Shyam > > On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > I found some differences between your bootstrap command and your admin-rc > credentials: > > export OS_AUTH_URL=http://20.20.20.7:35357/v3 <http://20.20.20.7:35357/v3> > --bootstrap-admin-url http://20.20.20.8:5000/v3/ <http://20.20.20.8:5000/v3/> > > > You use two different IPs for your controller node, this can't work. > Another thing is, you usually have to create one admin endpoint (port > 35357) and a public endpoint (port 5000), you use the public port for both > endpoints. This could work, of course, although not recommended. But then > you have to change your admin-rc credentials respectively. They should > reflect the configuration you bootstrapped with keystone-manage. > > Change your admin-rc to point to the correct IP and the correct port, > then retry the domain list command after sourcing the credentials. > > > > Zitat von Shyam Prasad N <[email protected] > <mailto:[email protected]>>: > > Hi, > > Sorry for the late reply. Was out for a while. > > # openstack domain list > The request you have made requires authentication. (HTTP 401) > (Request-ID: > req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4) > > # tail /var/log/keystone/keystone-manage.log > # > > # keystone-manage bootstrap --bootstrap-password PASSWORD > --bootstrap-admin-url http://20.20.20.8:5000/v3/ <http://20.20.20.8:5000/v3/> > --bootstrap-internal-url > http://20.20.20.8:5000/v3/ <http://20.20.20.8:5000/v3/> --bootstrap-public-url > http://20.20.20.8:5000/v3/ <http://20.20.20.8:5000/v3/> > --bootstrap-region-id RegionOne > 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-] > Deprecated: Use of the identity driver config to automatically configure > the same assignment driver has been deprecated, in the "O" release, the > assignment driver will need to be expicitly configured if different than > the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin > already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 > 18518 > WARNING keystone.assignment.core [-] Deprecated: Use of the identity > driver > config to automatically configure the same assignment driver has been > deprecated, in the "O" release, the assignment driver will need to be > expicitly configured if different than the default (SQL). > 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default > already exists, skipping creation. > 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin > already > exists, skipping creation. > 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > exists, skipping creation. > 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists, > skipping creation. > 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already > has > admin on admin. > 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne > exists, skipping creation. > 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal > endpoint as already created > 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli > [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public > endpoint as already created > # > > > On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > the bug I reported is invalid because the keystone-bootstrap command is > supposed to create the default domain. Since we created our cloud in > Liberty release the default domain already existed in our environment. > Well, I guess we're back to square one. ;-) > > Can you paste the output of > > control:~ # openstack domain list > > If the keystone bootstrap command worked, it should at least show the > default domain. If it doesn't take a look into > /var/log/keystone/keystone-manage.log and check for errors. If this > doesn't reveal anything try running it again and check the logs again. > > > Zitat von Eugen Block <[email protected] <mailto:[email protected]>>: > > > The missing command has been in Newton, Ocata and Pike release. They > fixed > > it in Queens again. > > I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297 > <https://bugs.launchpad.net/keystone/+bug/1763297> > > Regards > > > Zitat von Shyam Prasad N <[email protected] > <mailto:[email protected]>>: > > Thanks Eugen. It'll be great if you can do it. (I haven't yet gone > through > > the bug reporting documentation) > Please add me to the bug's CC list. That way if some info is needed > from > me, I can provide it. > > Regards, > Shyam > > On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <[email protected] > <mailto:[email protected]>> wrote: > > I believe there's something missing in Ocata and Pike docs. If you > read > > Mitaka install guide [1] you'll find the first step to be creating > the > default domain before all other steps regarding projects and users. > > You should run > > openstack domain create --description "Default Domain" default > > and then the next steps should work, at least I hope so. > > Do you want to report this as a bug? I can also report it, I have > already > filed several reports. > > Regards > > > [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone > <https://docs.openstack.org/mitaka/install-guide-obs/keystone> > -users.html > > > > Zitat von Shyam Prasad N <[email protected] > <mailto:[email protected]>>: > > Hi, > > > Please read my replies inline below... > > On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <[email protected] > <mailto:[email protected]>> > wrote: > > Hi, > > > can you paste the credentials you're using? > > # cat admin-rc > > export OS_USERNAME=admin > export OS_PASSWORD=abcdef > export OS_PROJECT_NAME=admin > export OS_USER_DOMAIN_NAME=Default > export OS_PROJECT_DOMAIN_NAME=Default > export OS_AUTH_URL=http://20.20.20.7:35357/v3 <http://20.20.20.7:35357/v3> > export OS_IDENTITY_API_VERSION=3 > > The config values (e.g. domain) are case sensitive, the ID of the > default > > domain is usually "domain", its name is "Default". But if you're > > sourcing > the credentials with ID "Default" this would go wrong, although I'm > not > sure if this would be the expected error message. > > Just a couple of weeks ago there was someone on ask.openstack.org > <http://ask.openstack.org/> > who > ignored case-sensitive options and failed to operate his cloud. > > Did the keystone-manage bootstrap command work? > > Yes. It did not throw any errors. > > > > Regards > > > > Zitat von Shyam Prasad N <[email protected] > <mailto:[email protected]>>: > > > Hi, > > > I'm trying to install keystone for my swift cluster. > I followed this document for install and configuration: > https://docs.openstack.org/keystone/pike/install/ > <https://docs.openstack.org/keystone/pike/install/> > > However, I'm getting this error for a command: > # openstack user create --domain default --password-prompt swift > The request you have made requires authentication. (HTTP 401) > (Request-ID: > req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8) > > # tail /var/log/keystone/keystone.log > 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET > http://20.20.20.7:35357/v3/ <http://20.20.20.7:35357/v3/> > 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server > [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 > - - > [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545 > 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST > http://20.20.20.7:35357/v3/auth/tokens > <http://20.20.20.7:35357/v3/auth/tokens> > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not > find > domain: > Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > Traceback > (most recent call last): > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", > line > 185, > in _lookup_domain > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", > line > 124, > in > wrapped > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > __ret_val > = __f(*args, **kwargs) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1053, > in > decorate > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > should_cache_fn) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 657, > in > get_or_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > async_creator) as value: > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 158, > in > __enter__ > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > self._enter() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 98, in > _enter > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > generated > = self._enter_create(createdtime) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line > 149, > in > _enter_create > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > created > = > self.creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 625, > in > gen_value > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > created_value = creator() > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line > 1049, > in > creator > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > return > fn(*arg, **kw) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > File > "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", > line > 720, > in > get_domain_by_name > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > raise > exception.DomainNotFound(domain_id=domain_name) > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > DomainNotFound: Could not find domain: Default > 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers > 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] > Authorization > failed. > The request you have made requires authentication. from 20.20.20.7 > 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server > [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 > - - > [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425 > 0.113822 > > Can someone please tell me what's going on? > Thanks in advance for your replies. > > > > > > > -- > -Shyam > > > > > -- > -Shyam > > > > > > > -- > -Shyam > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
