i'm also running into this issue. I'm running a 3 controller 3 compute cluster, when keystone is restarted it gets stuck in a restart loop with the same error found in the docker logs above. The only way I get get keystone to start up is the change /etc/kolla/keystone/keystone-startup.sh token age to 8640000 (yes, 100 days because my deployment is older than Tomas' deployment). I'm running most recent version of master, so I picked up the keystone changes from about 28 days ago. I manually ran the farnet-rotate.sh script the cronjob runs and it seemed to complete ok. Each control node keystone and keystone_fernet container has 3 keys in /etc/keystone/farnet-keys folder so it appears the rsync is running ok.
it just seems like keystone is using one of the older keys even know a newer one is present.
on a side note, when I pulled the updated git repo (from 350 to 380) I pip installed ./kolla and ./kolla-ansible then I ran kolla-ansible deploy to see if the keystone changes in the newer master 380 would fix the issue. has not for me. Not sure if I should be running deploy or upgrade so that could be part of the issue of why keystone changes did not seem to fix.
i'm also running into this issue. I'm running a 3 controller 3 compute cluster, when keystone is restarted it gets stuck in a restart loop with the same error found in the docker logs above. The only way I get get keystone to start up is the change /etc/kolla/ keystone/ keystone- startup. sh token age to 8640000 (yes, 100 days because my deployment is older than Tomas' deployment). I'm running most recent version of master, so I picked up the keystone changes from about 28 days ago. I manually ran the farnet-rotate.sh script the cronjob runs and it seemed to complete ok. Each control node keystone and keystone_fernet container has 3 keys in /etc/keystone/ farnet- keys folder so it appears the rsync is running ok.
``` fernet) [root@ddc- control- 3 /]# ls -ahl /etc/keystone/ fernet- keys/
(keystone-
total 20K
drwxrwx--- 2 keystone keystone 4.0K Sep 25 12:32 .
drwxr-xr-x 1 keystone keystone 4.0K Sep 25 13:08 ..
-rw------- 1 keystone keystone 44 Sep 25 12:32 0
-rw------- 1 keystone keystone 44 Aug 27 14:23 1
-rw------- 1 keystone keystone 44 Aug 27 14:23 2
```
it just seems like keystone is using one of the older keys even know a newer one is present.
on a side note, when I pulled the updated git repo (from 350 to 380) I pip installed ./kolla and ./kolla-ansible then I ran kolla-ansible deploy to see if the keystone changes in the newer master 380 would fix the issue. has not for me. Not sure if I should be running deploy or upgrade so that could be part of the issue of why keystone changes did not seem to fix.