The default PackStack configuration of Keystone generates UUID tokens. Administrators wishing to generate and use PKI tokens must:
1) Generate the PKI files using the keystone-manage command:
# keystone-manage pki_setup \
--keystone-user keystone \
--keystone-group keystone
2) Ensure that Keystone has ownership of the files in the /etc/keystone/ssl/ and /var/log/keystone/ directories:
# chown -R keystone:keystone /etc/keystone/ssl/ /var/log/keystone/
3) Update the value of the token_format configuration key in /etc/keystone/keystone.conf to PKI:
# openstack-config --set /etc/keystone/keystone.conf \
token_format PKI
4) Restart the openstack-keystone service:
# service openstack-keystone restart
Description of problem:
in Grizzly the default token_format changed from UUID to PKI; we want that to be configured back to PKI by packstack
Version-Release number of selected component (if applicable):
openstack-packstack-2013.1.1-0.17.dev631.el6ost.noarch
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2013-0968.html