No handlers could be found for logger "keystoneclient.client"

Asked by Andrew Holway


I cant do anything with Keystone due to "No handlers could be found for logger "keystoneclient.client""

Any ideas whats going on here?

root@openstack:~# keystone --debug user-list
connect: (, 5000)
connect fail: ('', 5000)
No handlers could be found for logger "keystoneclient.client"
Traceback (most recent call last):
  File "/usr/bin/keystone", line 9, in <module>
    load_entry_point('python-keystoneclient==0.1.3', 'console_scripts', 'keystone')()
  File "/usr/lib/python2.7/dist-packages/keystoneclient/", line 410, in main
  File "/usr/lib/python2.7/dist-packages/keystoneclient/", line 351, in main
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/", line 80, in __init__
  File "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/", line 110, in authenticate
    "%s" % e)
keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: Unable to communicate with identity service: [Errno 111] Connection refused. (HTTP 400)

Question information

English Edit question
OpenStack Compute (nova) Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Andrew Holway (a-holway) said :

root@openstack:/etc/keystone# cat keystone.conf
# A "shared secret" between keystone and other openstack services
admin_token = 92e139f7876bc89d12f6

# The IP address of the network interface to listen on
# bind_host =

# The port number which the public service listens on
public_port = 5000

# The port number which the public admin listens on
admin_port = 35357

# The port number which the OpenStack Compute service listens on
# compute_port = 8774

# === Logging Options ===
# Print debugging output
verbose = True

# Print more verbose output
# (includes plaintext request logging, potentially including passwords)
debug = True

# Name of log file to output to. If not set, logging will go to stdout.
log_file = keystone.log

# The directory to keep log files in (will be prepended to --logfile)
log_dir = /var/log/keystone

# Use syslog for logging.
#use_syslog = True

# syslog facility to receive log lines
#syslog_log_facility = LOG_USER

# If this option is specified, the logging configuration file specified is
# used and overrides any other logging options specified. Please see the
# Python logging module documentation for details on logging configuration
# files.
log_config = /etc/keystone/logging.conf

# A logging.Formatter log message format string which may use any of the
# available logging.LogRecord attributes.
log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s

# Format string for %(asctime)s in log records.
log_date_format = %Y-%m-%d %H:%M:%S

# onready allows you to send a notification when the process is ready to serve
# For example, to have it notify using systemd, one could set shell command:
# onready = systemd-notify --ready
# or a module with notify() method:
# onready = keystone.common.systemd

# The SQLAlchemy connection string used to connect to the database
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:ubuntu@localhost/keystone

# the timeout before idle sql connections are reaped
# idle_timeout = 200

driver = keystone.identity.backends.sql.Identity

# dynamic, sql-based backend (supports API/CLI-based management commands)
driver = keystone.catalog.backends.sql.Catalog

# static, file-based backend (does *NOT* support any management commands)
# driver = keystone.catalog.backends.templated.TemplatedCatalog

# template_file = default_catalog.templates

driver = keystone.token.backends.sql.Token

# Amount of time a token should remain valid (in seconds)
# expiration = 86400

driver = keystone.policy.backends.rules.Policy

driver = keystone.contrib.ec2.backends.sql.Ec2

#enable = True
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True

#token_format = UUID
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None
#token_format = PKI

# url = ldap://localhost
# user = dc=Manager,dc=example,dc=com
# password = None
# suffix = cn=example,cn=com
# use_dumb_member = False

# user_tree_dn = ou=Users,dc=example,dc=com
# user_objectclass = inetOrgPerson
# user_id_attribute = cn
# user_name_attribute = sn

# tenant_tree_dn = ou=Groups,dc=example,dc=com
# tenant_objectclass = groupOfNames
# tenant_id_attribute = cn
# tenant_member_attribute = member
# tenant_name_attribute = ou

# role_tree_dn = ou=Roles,dc=example,dc=com
# role_objectclass = organizationalRole
# role_id_attribute = cn
# role_member_attribute = roleOccupant

paste.filter_factory = keystone.common.wsgi:Debug.factory

paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

paste.filter_factory = keystone.contrib.s3:S3Extension.factory

paste.filter_factory = keystone.middleware:NormalizingFilter.factory

paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory

paste.filter_factory = keystone.contrib.stats:StatsExtension.factory

paste.app_factory = keystone.service:public_app_factory

paste.app_factory = keystone.service:admin_app_factory

pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service

pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service

paste.app_factory = keystone.service:public_version_app_factory

paste.app_factory = keystone.service:admin_version_app_factory

pipeline = stats_monitoring url_normalize xml_body public_version_service

pipeline = stats_monitoring url_normalize xml_body admin_version_service

use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api

use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api

Revision history for this message
Andrew Holway (a-holway) said :

root@openstack:/etc/keystone# cat logging.conf




args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)

args=('/var/log/keystone/keystone.log', 'a')


format=%(asctime)s %(levelname)s %(message)s

format=(%(name)s): %(asctime)s %(levelname)s %(message)s

format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s

Revision history for this message
Khanh Nguyen (ndquockhanh) said :

Make sure that you can connect successfully to keystone services on port :35357 and 5000 .
From your log file, the keystone client can't access to the keystone admin service on port 5000.

you can check by using the command below:

curl -i -X GET -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: 92e139f7876bc89d12f6"

Can you help with this problem?

Provide an answer of your own, or ask Andrew Holway for more information if necessary.

To post a message you must log in.