keystone-manage fernet_setup fails silently
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
This from the Newton build openstack-
I created a /etc/keystone/
[root@newton1 fernet-keys]# keystone-manage fernet_setup
usage: keystone-manage [bootstrap|
[-h] --keystone-user KEYSTONE_USER --keystone-group KEYSTONE_GROUP
keystone-manage [bootstrap|
Two issues, the first is that it's asking for a --keystone-user, and --keystone-group switch, which is probably not meant to be required switches for this command.
If I supply some value for these switches, the command executes but does nothing (does not generate startup keys in the directory). I am unable to testout fernet tokens.
> Two issues, the first is that it's asking for a --keystone-user, and --keystone-group switch, which is probably not meant to be required switches for this command.
They are meant to be. You need to supply the user who will run keystone. The keys have permission 700 when they are created. It might be www-data or the user you are running apache with.
> If I supply some value for these switches, the command executes but does nothing (does not generate startup keys in the directory). I am unable to testout fernet tokens.
That's actually a bug :) It should probably fail loud.