OpenStack Identity (keystone)

Create a domain, projects, users, and roles in keystone

Bug #1936429 reported by Dalton Cézane
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Expired
Undecided
Unassigned

Bug Description

Trying to communicate with Openstack, I am getting the following error:
openstack domain list
Failed to discover available identity versions when contacting http://controller:5000/v3. Attempting to parse version from URL.
Unable to establish connection to http://controller:5000/v3/auth/tokens: HTTPConnectionPool(host='controller', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fbfb4c2cd00>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes:

- [X] This doc is inaccurate in this way: after following the tutorial to install the Keystone, the service cannot establish a connection.
- [ ] This is a doc addition request.
- [ ] I have a fix to the document that I can paste below including example: input and output.

If you have a troubleshooting or support issue, use the following resources:

 - The mailing list: https://lists.openstack.org
 - IRC: 'openstack' channel on Freenode

-----------------------------------
Release: 19.0.1.dev1 on 2017-08-28 16:23:56
SHA: f510c806de3e20cdedd55291cd58dafa59398bec
Source: https://opendev.org/openstack/keystone/src/doc/source/install/keystone-users-ubuntu.rst
URL: https://docs.openstack.org/keystone/wallaby/install/keystone-users-ubuntu.html

Revision history for this message
Gage Hugo (gagehugo) wrote :

Your host doesn't know what IP address "controller" translates to. You can either add it to your hosts file or replace "controller" with the ip of keystone.

Changed in keystone:
status: New → Incomplete
Revision history for this message
Dalton Cézane (daltoncezane) wrote :

Thanks, Gage. I forgot that I had changed the name to "openstack-controller" instead of just "controller". But I updated the files/commands and the problem persists...

/etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@openstack-controller/keystone

/etc/apache2/apache2.conf
ServerName openstack-controller

keystone-manage bootstrap --bootstrap-password 'ADMIN_PASS' --bootstrap-admin-url http://openstack-controller:5000/v3/ --bootstrap-internal-url http://openstack-controller:5000/v3/ --bootstrap-public-url http://openstack-controller:5000/v3/ --bootstrap-region-id RegionOne

Problem:
openstack domain list
Failed to discover available identity versions when contacting http://controller:5000/v3. Attempting to parse version from URL.
Unable to establish connection to http://controller:5000/v3/auth/tokens: HTTPConnectionPool(host='controller', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f9ede233d60>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

Do you have any suggestion?

Revision history for this message
Dalton Cézane (daltoncezane) wrote :

Thank you, Gage. I forgot I had changed the name to "openstack-controller" instead of just "controller". But I updated the files/commands and the problem persists...

etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@openstack-controller/keystone

keystone-manage bootstrap --bootstrap-password 'ADMIN_PASS' --bootstrap-admin-url http://openstack-controller:5000/v3/ --bootstrap-internal-url http://openstack-controller:5000/v3/ --bootstrap-public-url http://openstack-controller:5000/v3/ --bootstrap-region-id RegionOne

/etc/apache2/apache2.conf
ServerName openstack-controller

Problem:
openstack domain list
Failed to discover available identity versions when contacting http://controller:5000/v3. Attempting to parse version from URL.
Unable to establish connection to http://controller:5000/v3/auth/tokens: HTTPConnectionPool(host='controller', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ff2018afd00>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

Do you have any suggestion?

Revision history for this message
Dalton Cézane (daltoncezane) wrote :

By the way, given the problem, I removed the keystone (apt remove keystone) and deleted the /etc/keystone folder, in order to try the installation process again. But now, after successfully installing the keystone (apt install keystone), the folder /etc/keystone is not created... any suggestion regarding this process too?

Revision history for this message
Gage Hugo (gagehugo) wrote :

You will need to add "openstack-controller" to your /etc/hosts file pointing to the IP address of keystone. The term "controller" here is to represent the domain name of the server/node running keystone. From the guide: "This section describes how to install and configure the OpenStack Identity service, code-named keystone, on the controller node."

You can run "mkdir /etc/keystone" to recreate it if you deleted it.

Revision history for this message
Dalton Cézane (daltoncezane) wrote (last edit ):

Hello, Gage. But my /etc/hosts already had that information. The hostname was already configured as openstack-controller. When you said, I remembered I was using openstack-controller instead of controller. Then, I updated the places mentioned in the previous comment, but the problem persisted. So, I decided to start the installation process again, removing the keystone and its folders (/etc/keystone). Now, when I am installing the keystone again, the folder /etc/keystone is not created anymore.

I can manually create the folder, but how about the files that should exist in this folder, including the keystone.conf with the standard settings?

In my opinion, the /etc/keystone folder should be created during the Keystone installation (apt instal keystone). Please correct me if I am wrong.

Revision history for this message
Gage Hugo (gagehugo) wrote :

I haven't installed keystone using apt in a long time so I am not entirely sure that it creates those. Was it created on the first install?

The error you posted in the description is due to your host not resolving "openstack-compute", which is usually a DNS or host file issue.

Revision history for this message
Dalton Cézane (daltoncezane) wrote :

Yes, Gage. In the first installation process, the /etc/keystone folder existed and was already populated with some files.

Regarding the previous problem, even updating the configuration files and commands with the correct name, openstack-controlller, I could not solve it.

Revision history for this message
Dalton Cézane (daltoncezane) wrote :

I found the problem. Regarding the installation, we need to uninstall with the "purge" option, and then install again. After this process, the folder is created and populated with the files... Regarding the first problem, I had updated the configuration files with the correct hostname, but I forgot to update the file with the "export OS_AUTH_URL": export OS_AUTH_URL=http://openstack-controller:5000/v3

After correctly updated, the service worked. Thank you.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Identity (keystone) because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.