Description of problem: /etc/init.d/openstack-keystone relies on the use of the `keystone discover` command to check that the service is available. This command does not work correctly against SSL endpoints, nonstandard keystone ports or SSL endpoints with self-signed certificates. This causes the init script to hang on a service start, trying to check the connectivity of an endpoint which does not exist. The `keystone discover` command either needs to be patched to check SSL endpoints insecurely, or the use of it needs to be removed from the script. Version-Release number of selected component (if applicable): openstack-keystone OpenStack Havana 2013.2.1-1.el6 How reproducible: Configure keystone to use SSL or a non-standard port and then restart the keystone service Steps to Reproduce: 1. Change the public and admin port numbers in /etc/keystone/keystone.conf or 2. Restart the keystone service via `service openstack-keystone restart` or `/etc/init.d/openstack-keystone restart` Actual results: Aborting wait for keystone to start or init script hangs for a long time, leading to abort to be used if invoked by a user directly. Expected results: Init script should check local keystone configuration for ports and ssl settings and then attempt to connect itself. Additional info: The discover command is not planned to be implemented in the openstack common cli. https://wiki.openstack.org/wiki/OpenStackClient/Commands#.3Cother.3E
We could solve this problem by dumping "keystone discover" and just using curl in the keystone_available function, like this: ssl_enabled=$(crudini --get /etc/keystone/keystone.conf ssl enable 2> /dev/null || echo False) public_port=$(crudini --get /etc/keystone/keystone.conf DEFAULT public_port) if [ "$ssl_enabled" = True ]; then schema=https else schema=http fi keystone_url="${schema}://localhost:${public_port}/" keystone_available() { curl -sfk $keystone_url > /dev/null }
This can also be fixed by the changes to "keystone discovehttps://bugzilla.redhat.com/show_bug.cgi?id=1058291#c15r" referenced in
http://pkgs.fedoraproject.org/cgit/openstack-keystone.git/commit/?h=el6-havana&id=de327d38ca6cfbbcbf4560ea3fa73daec60e9132
http://koji.fedoraproject.org/koji/buildinfo?buildID=498406