HPE Community
Software Defined Networking
1753826 Members
8520 Online
108805 Solutions
New Discussion

Cannot Log in with Keystone User After Changing Truststore & Keystore

 
GoodiesHQ
Occasional Contributor

‎05-15-2015 08:33 AM - edited ‎05-15-2015 08:40 AM

‎05-15-2015 08:33 AM - edited ‎05-15-2015 08:40 AM

Cannot Log in with Keystone User After Changing Truststore & Keystore

When I first set up the SDN controller, I was completely unable to access the web interface. I'd gotten an SSL error that was different from the ones I'd seen. Here is the error:

http://i.imgur.com/zrbfByS.png

 

 

After a few minutes of research, I was told to generate a new  keystore and truststore file. I did this by running:

 

/opt/sdn/admin/generateKey.sh

##### Also, a few commands with keytool found in the installation guide

 but first storing keystore and truststore as .OLD files.

 

After that, I added in two users since there were 0 in the keystone server; both users have a password of "skyline" though I cannot log into the https://server:8443/sdn/ui with those credentials.

 

Here are a few outputs from the current configuration

 

keystone --debug --token=ADMIN --endpoint=http://127.0.0.1:\35357/v2.0 user-list

send: 'GET /v2.0/users HTTP/1.1\r\nHost: 127.0.0.1:35357\r\nx-auth-token: ADMIN\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Vary: X-Auth-Token
header: Date: Fri, 15 May 2015 15:29:41 GMT
header: Transfer-Encoding: chunked
+----------------------------------+---------+-------+-------+
|                id                | enabled | email |  name |
+----------------------------------+---------+-------+-------+
| b1d35107aeff4ef89943a115f603350e | True    | None  | admin |
| c98a233f21894d7ab50768f1f333d1d7 | True    | None  | sdn   |
+----------------------------------+---------+-------+-------+

 

keystone --debug --token=ADMIN --endpoint=http://127.0.0.1:\35357/v2.0 role-list

send: 'GET /v2.0/OS-KSADM/roles HTTP/1.1\r\nHost: 127.0.0.1:35357\r\nx-auth-token: ADMIN\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Vary: X-Auth-Token
header: Date: Fri, 15 May 2015 15:27:59 GMT
header: Transfer-Encoding: chunked
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 71a1c7b73aba4659a80e040c9e3c1ce2 | SDN Role |
+----------------------------------+----------+

keystone --debug --token=ADMIN --endpoint=http://127.0.0.1:\35357/v2.0 tenant-list

send: 'GET /v2.0/tenants HTTP/1.1\r\nHost: 127.0.0.1:35357\r\nx-auth-token: ADMIN\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Type: application/json
header: Vary: X-Auth-Token
header: Date: Fri, 15 May 2015 15:28:42 GMT
header: Transfer-Encoding: chunked
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| f09f070c25b44aa18ad9521ec835ba63 | Project | True    |
+----------------------------------+---------+---------+

Yet, when I log in with the credentials, I get this error:

http://i.imgur.com/1L5KyWG.png

 

I'd reall like to get this solved. Thanks!

0 Kudos
1 REPLY 1
GoodiesHQ
Occasional Contributor

‎05-15-2015 11:14 AM - edited ‎05-15-2015 11:15 AM

‎05-15-2015 11:14 AM - edited ‎05-15-2015 11:15 AM

Re: Cannot Log in with Keystone User After Changing Truststore & Keystore

I have located a new issue; it is the Keystone server itself. Every time I start it, it rapidly changes process ID's (restarting) and dies after a few seconds. All I've done is mess with the SSL certificates.

 

http://i.imgur.com/z7U9abX.png

 

Does anyone have a fix with this? I'm a decent Linux user, but I am a network engineer, not a server admin, and this is beyond my skillset.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.