Keystone does not seem to be able to resolve DNS, if endpoints were configured with hostname instead of IP.
MariaDB [keystone]> select * from endpoint where url like '%500%' or '%3535%';;
+----------------------------------+----------------------------------+-----------+----------------------------------+--------------------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+----------------------------------+-----------+----------------------------------+--------------------------------------+-------+---------+-----------+
| 39cf5bb25fef4f01a1bc2b83f76ce8dd | 99c316ae7cbd449ebccfd6efe1c5d03c | admin | 439e97af7e4b43f9a3b0ee82e33751fe | http://vrrp01:35357/v2.0 | {} | 1 | RegionOne |
| 8a75236613354776b50b56c527fe3a75 | 99c316ae7cbd449ebccfd6efe1c5d03c | public | 439e97af7e4b43f9a3b0ee82e33751fe | http://vrrp01:5000/v2.0 | {} | 1 | RegionOne |
+----------------------------------+----------------------------------+-----------+----------------------------------+--------------------------------------+-------+---------+-----------+
root@ctl10:/var/log/apache2# keystone --debug user-list
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://vrrp01:35357/v2.0/tokens
INFO:urllib3.connectionpool:Starting new HTTP connection (1): vrrp01
DEBUG:urllib3.connectionpool:Setting read timeout to 600.0
DEBUG:urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 1699
DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://vrrp01:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}cfd888a32a64ee77e42524a2c15cb4547ab9d534"
No connection adapters were found for ' http://vrrp01:35357/v2.0/users'
Change endpoints to use IPs and keystone works normally.
MariaDB [keystone]> select * from endpoint where url like '%500%' or '%3535%';
+----------------------------------+----------------------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+----------------------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 8a75236613354776b50b56c527fe3a75 | 99c316ae7cbd449ebccfd6efe1c5d03c | public | 439e97af7e4b43f9a3b0ee82e33751fe | http://10.11.3.4:5000/v2.0 | {} | 1 | RegionOne |
| c4e486c0ebc241659f76c37b3917eaec | 99c316ae7cbd449ebccfd6efe1c5d03c | internal | 439e97af7e4b43f9a3b0ee82e33751fe | http://10.11.3.4:5000/v2.0 | {} | 1 | RegionOne |
+----------------------------------+----------------------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
root@ctl10:/var/log/apache2# keystone --debug token-get
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://vrrp01:35357/v2.0/tokens
INFO:urllib3.connectionpool:Starting new HTTP connection (1): vrrp01
DEBUG:urllib3.connectionpool:Setting read timeout to 600.0
DEBUG:urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 1699
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2015-10-15T19:36:25Z |
| id | 25789066641c4caf80be4173a96ae0b8 |
| tenant_id | 02f8e769e5e3430ca1e77582ba0d73e0 |
| user_id | 0815385ac2d044a6b524d8e05839b824 |
> ' http:// vrrp01: 35357/v2. 0/users'
It seems that there is a space symbol in front of the url and it prevents the client from understanding the schema. You need to remove this space symbol.