Is there a way to undo the keystone config and start over again? I want to
start afresh.
The easiest way is probably to drop the keystone database and recreate
it, then do the bootstrapping again. I believe this should suffice
since keystone is essential to all other services, so you wouldn't do
too much damage.
Another way would be to login to your database and change the
respective values, but since I don't know what exactly the bootstrap
command does I would not recommend this option.
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi Eugen,
I tried pike initially. When that didn't work, I thought I'll use the
documentation for queens.
Is there a way to undo the keystone config and start over again? I want to
start afresh.
On Mon, Apr 16, 2018 at 3:24 PM, Eugen Block <ebl...@nde.ag> wrote:
Your first email pionted to the pike install guide which mentions
admin-url port 35357.
I'm trying to install keystone for my swift cluster.
I followed this document for install and configuration:
https://docs.openstack.org/keystone/pike/install/
So now you're trying to install queens release? You should stay consistent
and use only one guide to follow, although it seems like the ubuntu guide
is wrong at this point. The other guides for Q (RedHat and SUSE) point to
the admin-url port 35357, not port 5000. And the ubuntu guide for Pike
release also points to 35357 again, so this is probably a bug.
You should fix this prior to any further steps.
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Here is the documentation page I followed:
https://docs.openstack.org/keystone/queens/install/keystone-
install-ubuntu.html
On Mon, Apr 16, 2018 at 3:14 PM, Shyam Prasad N <nspmangal...@gmail.com>
wrote:
Hi Eugen,
Ignore the different IPs. I had tried keystone install on two different
systems. The old admin-rc script was from the other node.
As per the port numbers, I followed what was in the documentation:
Bootstrap the Identity service:
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Regards,
Shyam
On Mon, Apr 16, 2018 at 2:57 PM, Eugen Block <ebl...@nde.ag> wrote:
Hi,
I found some differences between your bootstrap command and your
admin-rc
credentials:
export OS_AUTH_URL=http://20.20.20.7:35357/v3
--bootstrap-admin-url http://20.20.20.8:5000/v3/
You use two different IPs for your controller node, this can't work.
Another thing is, you usually have to create one admin endpoint (port
35357) and a public endpoint (port 5000), you use the public port for
both
endpoints. This could work, of course, although not recommended. But
then
you have to change your admin-rc credentials respectively. They should
reflect the configuration you bootstrapped with keystone-manage.
Change your admin-rc to point to the correct IP and the correct port,
then retry the domain list command after sourcing the credentials.
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
Sorry for the late reply. Was out for a while.
# openstack domain list
The request you have made requires authentication. (HTTP 401)
(Request-ID:
req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4)
# tail /var/log/keystone/keystone-manage.log
#
# keystone-manage bootstrap --bootstrap-password PASSWORD
--bootstrap-admin-url http://20.20.20.8:5000/v3/
--bootstrap-internal-url
http://20.20.20.8:5000/v3/ --bootstrap-public-url
http://20.20.20.8:5000/v3/
--bootstrap-region-id RegionOne
2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-]
Deprecated: Use of the identity driver config to automatically
configure
the same assignment driver has been deprecated, in the "O" release, the
assignment driver will need to be expicitly configured if different
than
the default (SQL).
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
already exists, skipping creation.
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin
already
exists, skipping creation.
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin
already
exists, skipping creation.
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin
exists,
skipping creation.
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin
already
has
admin on admin.
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
exists, skipping creation.
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
endpoint as already created
# tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456
18518
WARNING keystone.assignment.core [-] Deprecated: Use of the identity
driver
config to automatically configure the same assignment driver has been
deprecated, in the "O" release, the assignment driver will need to be
expicitly configured if different than the default (SQL).
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
already exists, skipping creation.
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin
already
exists, skipping creation.
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin
already
exists, skipping creation.
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin
exists,
skipping creation.
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin
already
has
admin on admin.
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
exists, skipping creation.
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
endpoint as already created
#
On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <ebl...@nde.ag> wrote:
Hi,
the bug I reported is invalid because the keystone-bootstrap command
is
supposed to create the default domain. Since we created our cloud in
Liberty release the default domain already existed in our environment.
Well, I guess we're back to square one. ;-)
Can you paste the output of
control:~ # openstack domain list
If the keystone bootstrap command worked, it should at least show the
default domain. If it doesn't take a look into
/var/log/keystone/keystone-manage.log and check for errors. If this
doesn't reveal anything try running it again and check the logs again.
Zitat von Eugen Block <ebl...@nde.ag>:
The missing command has been in Newton, Ocata and Pike release. They
fixed
it in Queens again.
I filed a bug report: https://bugs.launchpad.net/key
stone/+bug/1763297
Regards
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Thanks Eugen. It'll be great if you can do it. (I haven't yet gone
through
the bug reporting documentation)
Please add me to the bug's CC list. That way if some info is needed
from
me, I can provide it.
Regards,
Shyam
On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <ebl...@nde.ag>
wrote:
I believe there's something missing in Ocata and Pike docs. If you
read
Mitaka install guide [1] you'll find the first step to be creating
the
default domain before all other steps regarding projects and users.
You should run
openstack domain create --description "Default Domain" default
and then the next steps should work, at least I hope so.
Do you want to report this as a bug? I can also report it, I have
already
filed several reports.
Regards
[1] https://docs.openstack.org/mitaka/install-guide-obs/keystone
-users.html
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
Please read my replies inline below...
On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <ebl...@nde.ag>
wrote:
Hi,
can you paste the credentials you're using?
# cat admin-rc
export OS_USERNAME=admin
export OS_PASSWORD=abcdef
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://20.20.20.7:35357/v3
export OS_IDENTITY_API_VERSION=3
The config values (e.g. domain) are case sensitive, the ID of the
default
domain is usually "domain", its name is "Default". But if you're
sourcing
the credentials with ID "Default" this would go wrong, although
I'm
not
sure if this would be the expected error message.
Just a couple of weeks ago there was someone on
ask.openstack.org
who
ignored case-sensitive options and failed to operate his cloud.
Did the keystone-manage bootstrap command work?
Yes. It did not throw any errors.
Regards
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
I'm trying to install keystone for my swift cluster.
I followed this document for install and configuration:
https://docs.openstack.org/keystone/pike/install/
However, I'm getting this error for a command:
# openstack user create --domain default --password-prompt swift
The request you have made requires authentication. (HTTP 401)
(Request-ID:
req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8)
# tail /var/log/keystone/keystone.log
2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi
[req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET
http://20.20.20.7:35357/v3/
2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server
[req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7
- -
[11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545
2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST
http://20.20.20.7:35357/v3/auth/tokens
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not
find
domain:
Default
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
Traceback
(most recent call last):
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/keystone/auth/controllers.
py",
line
185,
in _lookup_domain
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
domain_name)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/keystone/common/manager.py",
line
124,
in
wrapped
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
__ret_val
= __f(*args, **kwargs)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py",
line
1053,
in
decorate
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
should_cache_fn)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py",
line
657,
in
get_or_create
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
async_creator) as value:
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py",
line
158,
in
__enter__
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
return
self._enter()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py",
line
98, in
_enter
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
generated
= self._enter_create(createdtime)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py",
line
149,
in
_enter_create
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
created
=
self.creator()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py",
line
625,
in
gen_value
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
created_value = creator()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py",
line
1049,
in
creator
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
return
fn(*arg, **kw)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
File
"/usr/lib/python2.7/dist-packages/keystone/resource/core.py",
line
720,
in
get_domain_by_name
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
raise
exception.DomainNotFound(domain_id=domain_name)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
DomainNotFound: Could not find domain: Default
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -]
Authorization
failed.
The request you have made requires authentication. from
20.20.20.7
2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7
- -
[11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425
0.113822
Can someone please tell me what's going on?
Thanks in advance for your replies.
--
-Shyam
--
-Shyam
--
-Shyam
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
