Hi Eugen
I have admin_token set, but token_provider isn't set.
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without
loosing any data (current users, roles, permissions, etc)??
J.
On 20/05/16 12:42, Eugen Block wrote:
Hi,
I had a similar issue, in Liberty I used uuid tokens, then I upgraded
to Mitaka and also switched to fernet tokens. Because of some kind of
inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?
I compared my current conf file to the liberty conf and I can't see
another difference except admin_token and token_provider.
I followed [1] to get keystone to work with uuid tokens in Liberty. If
I understand correctly, you'll have to populate the keystone database
"su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the
required services.
In my case, I managed to switch back to uuid, but in the meantime I'm
back to fernet tokens.
Hope this helps!
[1]
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only works
with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.................
RESP BODY: {"error": {"message": "Non-default domain is not supported
(Disable debug mode to suppress these details.)", "code": 401,
"title": "Unauthorized"}}
//.................//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.....
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+----------------------------------+-------------------+
| ID | Name |
+----------------------------------+-------------------+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin |
| 1b5ae288f1494efd91aa67cadd290939 | sahara |
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano |
| 6b020f2c8328430b9bc71400e8a8b661 | cinder |
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer |
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance |
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+----------------------------------+-------------------+
/
Anyone could help me?
thanks in advance.
J
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
