Hi. I am having this same issue with 3 controllers+mongo, and 4 compute+ceph nodes. deploying juno with Fuel 6.0 deployment.
<11>Mar 4 20:51:33 node-50 keystone-all Signing error: Unable to load certificate - ensure you have configured PKI with "keystone-manage pki_setup" -- 2015-03-04 20:51:33.227 6723 TRACE keystone.common.wsgi raise subprocess.CalledProcessError(retcode, 'openssl') 2015-03-04 20:51:33.227 6723 TRACE keystone.common.wsgi CalledProcessError: Command 'openssl' returned non-zero exit status 3 <11>Mar 4 20:52:33 node-50 keystone-all Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem 140441757452104:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r') 140441757452104:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400: <11>Mar 4 20:52:33 node-50 keystone-all Signing error: Unable to load certificate - ensure you have configured PKI with "keystone-manage pki_setup" -- ...repeats every 60 seconds.
Should I attempt to create a signing certificate and enable it with ceph as explained here: https://bugzilla.redhat.com/show_bug.cgi?id=1141615#c10
Or, should i just set the revocation timeout in /etc/ceph.conf to somthing ridiculously high, and ignore it until the next update?
Hi. I am having this same issue with 3 controllers+mongo, and 4 compute+ceph nodes. deploying juno with Fuel 6.0 deployment.
<11>Mar 4 20:51:33 node-50 keystone-all Signing error: Unable to load certificate - ensure you have configured PKI with "keystone-manage pki_setup" common. wsgi raise subprocess. CalledProcessEr ror(retcode, 'openssl') common. wsgi CalledProcessError: Command 'openssl' returned non-zero exit status 3 ssl/certs/ signing_ cert.pem :error: 02001002: system library:fopen:No such file or directory: bss_file. c:398:fopen( '/etc/keystone/ ssl/certs/ signing_ cert.pem' ,'r') :error: 20074002: BIO routines: FILE_CTRL: system lib:bss_file.c:400:
--
2015-03-04 20:51:33.227 6723 TRACE keystone.
2015-03-04 20:51:33.227 6723 TRACE keystone.
<11>Mar 4 20:52:33 node-50 keystone-all Signing error: Error opening signer certificate /etc/keystone/
140441757452104
140441757452104
<11>Mar 4 20:52:33 node-50 keystone-all Signing error: Unable to load certificate - ensure you have configured PKI with "keystone-manage pki_setup"
--
...repeats every 60 seconds.
Should I attempt to create a signing certificate and enable it with ceph as explained here: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1141615# c10
Or, should i just set the revocation timeout in /etc/ceph.conf to somthing ridiculously high, and ignore it until the next update?