Cannot download ec2 style pems with 'nova x509-create-cert '

Asked by Aimon Bustardo on 2012-05-09

All ec2/euca tools are working. However cannot download pem files to run nova smoketests. Command I am using:

--------------------------------------------------------------------------------------------------------------------------------------------
 nova --debug x509-create-cert priv.pem x509.pem
connect: (MASKED, 35357)
send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: MASKED:35357\r\nContent-Length: 101\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-novaclient\r\n\r\n{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "MASKED"}}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Vary: X-Auth-Token
header: Date: Wed, 09 May 2012 05:14:20 GMT
header: Transfer-Encoding: chunked
connect: (MASKED, 8774)
send: u'POST /v2/5770424f513d4a60bd2f3d91fe89336f/os-certificates HTTP/1.1\r\nHost: MASKED:8774\r\nContent-Length: 2\r\nx-auth-project-id: admin\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nx-auth-token: a509a9470f454a429c6338dfe7b50b7f\r\nuser-agent: python-novaclient\r\ncontent-type: application/json\r\n\r\n{}'
reply: 'HTTP/1.1 500 Internal Server Error\r\n'
header: Content-Length: 128
header: Content-Type: application/json; charset=UTF-8
header: X-Compute-Request-Id: req-16108f7e-d8a5-4a67-ba26-036536cc3c49
header: Date: Wed, 09 May 2012 05:15:20 GMT
DEBUG (shell:416) The server has either erred or is incapable of performing the requested operation. (HTTP 500)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 413, in main
    OpenStackComputeShell().main(sys.argv[1:])
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 364, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 1449, in do_x509_create_cert
    certs = cs.certs.create()
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/certs.py", line 42, in create
    return self._create('/os-certificates', {}, 'certificate')
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 157, in _create
    resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 139, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 124, in _cs_request
    **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 107, in request
    raise exceptions.from_response(resp, body)
ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
--------------------------------------------------------------------------------------------------------------------------------------------

It hangs for long time before erroring out. Keystone log shows:
--------------------------------------------------------------------------------------------------------------------------------------------

2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x23d2410 200 OK>}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 101
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_USER_AGENT = python-novaclient
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_NAME = 127.0.1.1
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 127.0.0.1
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x23c3a50>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] webob._body_file = (<LimitedLengthFile(<eventlet.wsgi.Input object at 0x23c3a50>, maxlen=101)>, <eventlet.wsgi.Input object at 0x23c3a50>)
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_PORT = 35357
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.input = <_io.BytesIO object at 0x275be30>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_HOST = MASKED:35357
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'admin', u'passwordCredentials': {u'username': u'admin', u'password': u'MASKED'}}}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f986f94b270>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] webob.is_body_seekable = True
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = gzip, deflate
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "MASKED"}}}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched POST /tokens
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x234a4d0>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x234a4d0>, 'path_info': '/tokens'}
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched POST /tokens
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.service.AdminRouter object at 0x17315d0>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'controller': <keystone.service.AdminRouter object at 0x17315d0>, 'path_info': '/tokens'}
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched POST /tokens
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '/tokens', defaults: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x18aa190>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x18aa190>}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] arg_dict: {}
2012-05-09 05:21:35 DEBUG [root] TOKEN_REF {'id': '79e0a9c3828e431796fccdc5b88dcec5', 'expires': datetime.datetime(2012, 5, 10, 5, 21, 35, 596396), 'user': {u'tenantId': None, u'enabled': True, u'email': None, 'name': u'admin', 'id': u'd2a9a3e93eb148ee930b342246024b93'}, 'tenant': {u'description': None, u'enabled': True, 'id': u'5770424f513d4a60bd2f3d91fe89336f', 'name': u'admin'}, 'metadata': {u'roles': [u'6fce250e56c2469983f15b132d9ef238', u'b7ef8d5e473447e5bc394d46ce120b17', u'97b040fcfc8a46798709668c6af862f3']}}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Content-Type = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Content-Length = 2194
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] {"access": {"token": {"expires": "2012-05-10T05:21:35Z", "id": "79e0a9c3828e431796fccdc5b88dcec5", "tenant": {"description": null, "enabled": true, "id": "5770424f513d4a60bd2f3d91fe89336f", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://MASKED:8776/v1/5770424f513d4a60bd2f3d91fe89336f", "region": "RegionOne", "publicURL": "http://MASKED:8776/v1/5770424f513d4a60bd2f3d91fe89336f", "internalURL": "http://MASKED:8776/v1/5770424f513d4a60bd2f3d91fe89336f"}], "endpoints_links": [], "type": "volume", "name": "'Volume Service'"}, {"endpoints": [{"adminURL": "http://MASKED:9292/v1", "region": "RegionOne", "publicURL": "http://MASKED:9292/v1", "internalURL": "http://MASKED:9292/v1"}], "endpoints_links": [], "type": "image", "name": "'Image Service'"}, {"endpoints": [{"adminURL": "http://MASKED:8774/v2/5770424f513d4a60bd2f3d91fe89336f", "region": "RegionOne", "publicURL": "http://MASKED:8774/v2/5770424f513d4a60bd2f3d91fe89336f", "internalURL": "http://MASKED:8774/v2/5770424f513d4a60bd2f3d91fe89336f"}], "endpoints_links": [], "type": "compute", "name": "'Compute Service'"}, {"endpoints": [{"adminURL": "http://MASKED:8773/services/Admin", "region": "RegionOne", "publicURL": "http://MASKED:8773/services/Cloud", "internalURL": "http://MASKED:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "'EC2 Service'"}, {"endpoints": [{"adminURL": "http://MASKED:35357/v2.0", "region": "RegionOne", "publicURL": "http://MASKED:5000/v2.0", "internalURL": "http://MASKED:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "'Identity Service'"}], "user": {"username": "admin", "roles_links": [], "id": "d2a9a3e93eb148ee930b342246024b93", "roles": [{"id": "6fce250e56c2469983f15b132d9ef238", "name": "admin"}, {"id": "b7ef8d5e473447e5bc394d46ce120b17", "name": "KeystoneAdmin"}, {"id": "97b040fcfc8a46798709668c6af862f3", "name": "KeystoneServiceAdmin"}], "name": "admin"}}}
2012-05-09 05:21:35 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [09/May/2012 05:21:35] "POST /v2.0/tokens HTTP/1.1" 200 2342 0.079269

2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x2759fd0 200 OK>}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] REQUEST_METHOD = GET
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens/79e0a9c3828e431796fccdc5b88dcec5
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_X_AUTH_TOKEN = 1j23923yuc908140213je0i02rhaosdh0u3rep
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_NAME = 172.16.255.100
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 172.16.255.100
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x23cac50>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] SERVER_PORT = 35357
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.input = <eventlet.wsgi.Input object at 0x23cac50>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_HOST = 172.16.255.100:35357
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': '1j23923yuc908140213je0i02rhaosdh0u3rep', 'is_admin': True}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f986f94b270>
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = identity
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched GET /tokens/79e0a9c3828e431796fccdc5b88dcec5
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x234a4d0>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x234a4d0>, 'path_info': '/tokens/79e0a9c3828e431796fccdc5b88dcec5'}
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched GET /tokens/79e0a9c3828e431796fccdc5b88dcec5
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.service.AdminRouter object at 0x17315d0>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'controller': <keystone.service.AdminRouter object at 0x17315d0>, 'path_info': '/tokens/79e0a9c3828e431796fccdc5b88dcec5'}
2012-05-09 05:21:35 DEBUG [routes.middleware] Matched GET /tokens/79e0a9c3828e431796fccdc5b88dcec5
2012-05-09 05:21:35 DEBUG [routes.middleware] Route path: '/tokens/{token_id}', defaults: {'action': u'validate_token', 'controller': <keystone.service.TokenController object at 0x18aa190>}
2012-05-09 05:21:35 DEBUG [routes.middleware] Match dict: {'action': u'validate_token', 'token_id': u'79e0a9c3828e431796fccdc5b88dcec5', 'controller': <keystone.service.TokenController object at 0x18aa190>}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] arg_dict: {'token_id': u'79e0a9c3828e431796fccdc5b88dcec5'}
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Content-Type = application/json
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] Content-Length = 535
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi]
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2012-05-09 05:21:35 DEBUG [keystone.common.wsgi] {"access": {"token": {"expires": "2012-05-10T05:21:35Z", "id": "79e0a9c3828e431796fccdc5b88dcec5", "tenant": {"enabled": true, "description": null, "name": "admin", "id": "5770424f513d4a60bd2f3d91fe89336f"}}, "user": {"username": "admin", "roles_links": [], "id": "d2a9a3e93eb148ee930b342246024b93", "roles": [{"id": "6fce250e56c2469983f15b132d9ef238", "name": "admin"}, {"id": "b7ef8d5e473447e5bc394d46ce120b17", "name": "KeystoneAdmin"}, {"id": "97b040fcfc8a46798709668c6af862f3", "name": "KeystoneServiceAdmin"}], "name": "admin"}}}
2012-05-09 05:21:35 DEBUG [eventlet.wsgi.server] 172.16.255.100 - - [09/May/2012 05:21:35] "GET /v2.0/tokens/79e0a9c3828e431796fccdc5b88dcec5 HTTP/1.1" 200 683 0.012079
--------------------------------------------------------------------------------------------------------------------------------------------

Question information

Language:
English Edit question
Status:
Expired
For:
Nova Edit question
Assignee:
No assignee Edit question
Last query:
2012-05-09
Last reply:
2012-05-25
Aimon Bustardo (aimonb) said : #1

Versions:
dpkg --list |grep -e nova -e keystone -e glance
ii glance 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - Daemons
ii glance-api 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - API
ii glance-client 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - Registry
ii glance-common 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - Common
ii glance-registry 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - Registry
ii keystone 2012.1-0ubuntu1 OpenStack identity service - Daemons
ii nova-ajax-console-proxy 2012.1-0ubuntu2.1 OpenStack Compute - AJAX console proxy - transitional package
ii nova-api 2012.1-0ubuntu2.1 OpenStack Compute - API frontend
ii nova-common 2012.1-0ubuntu2.1 OpenStack Compute - common files
ii nova-console 2012.1-0ubuntu2.1 OpenStack Compute - Console
ii nova-consoleauth 2012.1-0ubuntu2.1 OpenStack Compute - Console Authenticator
ii nova-scheduler 2012.1-0ubuntu2.1 OpenStack Compute - virtual machine scheduler
ii nova-volume 2012.1-0ubuntu2.1 OpenStack Compute - storage
ii python-glance 2012.1-0ubuntu2 OpenStack Image Registry and Delivery Service - Python library
ii python-keystone 2012.1-0ubuntu1 OpenStack identity service - Python library
ii python-keystoneclient 2012.1-0ubuntu1 Client libary for Openstack Keystone API
ii python-nova 2012.1-0ubuntu2.1 OpenStack Compute Python libraries
ii python-novaclient 2012.1-0ubuntu1 client library for OpenStack Compute API
root@mc:/opt/creds#

Aimon Bustardo (aimonb) said : #2

OS: Ubuntu 12.04 LTS
Arch: x86_64

Aimon Bustardo (aimonb) said : #3

Nova.conf:
#DATABASE
--sql_connection=postgresql://nova:nova@172.16.255.100/nova

# LOGS/STATE
#--verbose
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--ca_path=/var/lib/nova/CA
--keys_path=/var/lib/nova/keys
--networks_path=/var/lib/nova/networks
--instances_path=/var/lib/nova/instances
--images_path=/var/lib/nova/images
--buckets_path=/var/lib/nova/buckets
--use_syslog=True

# RABBITMQ
--rabbit_password=guest
--rabbit_port=5672
--rabbit_host=172.16.255.100

# SCHEDULER
--scheduler_driver=nova.scheduler.simple.SimpleScheduler

# NETWORK
--network_manager=nova.network.manager.FlatDHCPManager
--fixed_range=10.1.0.0/16
--flat_network_dhcp_start=10.1.0.1
--flat_network_bridge=br100
#--vlan_interface=eth1
--flat_interface=eth1
--public_interface=eth2
#--flat_injected=False
--multi_host=true

# GLANCE
--glance_api_servers=172.16.255.100:9292
--image_service=nova.image.glance.GlanceImageService

# COMPUTE
--compute_manager=nova.compute.manager.ComputeManager
--libvirt_type=qemu
--connection_type=libvirt
--cc_host=172.16.255.100
--allow_resize_to_same_host=true

# VNCPROXY
--vncproxy_url=http://MASKED:6080
--vncproxy_wwwroot=/var/lib/nova/noVNC/
--novncproxy_base_url=http://MASKED:6080/vnc_auto.html
--xvpvncproxy_base_url=http://MASKED:6081/console

--vnc_enabled=true

# MISC
--use_deprecated_auth=true
--allow_admin_api=true
--enable_zone_routing=true
--daemonize=1
--FAKE_subdomain=ec2
--my_ip=172.16.255.100

--instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--force_dhcp_release=True
--firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

# KEYSTONE
--auth_strategy=keystone
--keystone_ec2_url=http://172.16.255.100:5000/v2.0/ec2tokens

# APIS
--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--s3_host=172.16.255.100
--ec2_dmz_host=172.16.255.100

# VOLUME
--volume_name_template=volume-nova-volumes%08x
--volume_group=nova-volumes

--iscsi_helper=tgtadm
# This must be a substring of the IP address for virtual environments otherwise volumes will not work
--iscsi_ip_prefix=172.16.255

Aimon Bustardo (aimonb) said : #4

keystone.conf:
[DEFAULT]
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
admin_token = 1j23923yuc908140213je0i02rhaosdh0u3rep
compute_port = 8774
verbose = True
debug = True
#log_config = /etc/keystone/logging.conf
log_dir = /var/log/keystone
log_file = keystone.log

# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False

# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0

[sql]
connection = postgresql://keystone:keystone@172.16.255.100/keystone
idle_timeout = 200
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200

[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.sql.Identity

[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = /etc/keystone/default_catalog.templates

[token]
driver = keystone.token.backends.sql.Token

# Amount of time a token should remain valid (in seconds)
expiration = 86400

[policy]
driver = keystone.policy.backends.rules.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

[app:public_service]
paste.app_factory = keystone.service:public_app_factory

[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory

[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service

[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service

[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory

[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory

[pipeline:public_version_api]
pipeline = xml_body public_version_service

[pipeline:admin_version_api]
pipeline = xml_body admin_version_service

[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api

[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api

Aimon Bustardo (aimonb) said : #5

default_catalog.templates:
# config for TemplatedCatalog, using camelCase because I don't want to do
# translations for keystone compat
catalog.RegionOne.identity.publicURL = http://MASKED:5000/v2.0
catalog.RegionOne.identity.adminURL = http://MASKED:35357/v2.0
catalog.RegionOne.identity.internalURL = http://MASKED:5000/v2.0
catalog.RegionOne.identity.name = 'Identity Service'

# fake compute service for now to help novaclient tests work
catalog.RegionOne.compute.publicURL = http://MASKED:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://MASKED:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://MASKED:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.name = 'Compute Service'

catalog.RegionOne.volume.publicURL = http://MASKED:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://MASKED:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://MASKED:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = 'Volume Service'

catalog.RegionOne.ec2.publicURL = http://MASKED:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://MASKED:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://MASKED:8773/services/Cloud
catalog.RegionOne.ec2.name = 'EC2 Service'

catalog.RegionOne.image.publicURL = http://MASKED:9292/v1
catalog.RegionOne.image.adminURL = http://MASKED:9292/v1
catalog.RegionOne.image.internalURL = http://MASKED:9292/v1
catalog.RegionOne.image.name = 'Image Service'

Aimon Bustardo (aimonb) said : #6

Let me know if I can provide any more info.

Aimon Bustardo (aimonb) said : #7

I have tried both:
--keystone_ec2_url=http://172.16.255.100:5000/v2.0/ec2tokens
and:
--keystone_ec2_url=http://172.16.255.100:5000/v2.0/tokens

Aimon Bustardo (aimonb) said : #8

.. Moved this to the broader topic of Nova-Project since it involves nova and keystone.

Launchpad Janitor (janitor) said : #9

This question was expired because it remained in the 'Open' state without activity for the last 15 days.