Description of problem: Keystone dies Version-Release number of selected component (if applicable): RHOS 5.0 on RHEL 7 How reproducible: Sporatically Steps to Reproduce: 1. 2. 3. Actual results: openstack_auth.backend Authorization Failed: Unable to establish connection to http://10.72.0.6:5000/v2.0/tokens 2014-08-11 14:34:01,997 29824 WARNING openstack_auth.forms Login failed for user "<snip>" systemctl status openstack-keystone.service openstack-keystone.service - OpenStack Identity Service (code-named Keystone) Loaded: loaded (/usr/lib/systemd/system/openstack-keystone.service; enabled) Active: failed (Result: start-limit) since Mon 2014-08-11 11:00:42 EDT; 1s ago Process: 7442 ExecStart=/usr/bin/keystone-all (code=exited, status=1/FAILURE) Main PID: 7442 (code=exited, status=1/FAILURE) Aug 11 11:00:42 oscontrol1 systemd[1]: openstack-keystone.service: main process exited, code=exited, status=1/FAILURE Aug 11 11:00:42 oscontrol1 systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone). Aug 11 11:00:42 oscontrol1 systemd[1]: Unit openstack-keystone.service entered failed state. Aug 11 11:00:42 oscontrol1 systemd[1]: openstack-keystone.service holdoff time over, scheduling restart. Aug 11 11:00:42 oscontrol1 systemd[1]: Stopping OpenStack Identity Service (code-named Keystone)... Aug 11 11:00:42 oscontrol1 systemd[1]: Starting OpenStack Identity Service (code-named Keystone)... Aug 11 11:00:42 oscontrol1 systemd[1]: openstack-keystone.service start request repeated too quickly, refusing to start. Aug 11 11:00:42 oscontrol1 systemd[1]: Failed to start OpenStack Identity Service (code-named Keystone). Aug 11 11:00:42 oscontrol1 systemd[1]: Unit openstack-keystone.service entered failed state." Expected results: Successful authentication, keystone starting up successfully. Additional info: It's a conflict between Neutron and Keystone Please backport http://pkgs.fedoraproject.org/cgit/openstack-keystone.git/commit/?id=216d357efd425c90507bae0b304dc614f9886220
Created attachment 935418 [details] spec patch
This was added to /lib/sysctl.d/openstack-keystone.conf: # By default, keystone starts a service on IANA-assigned port 35357 # http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt net.ipv4.ip_local_reserved_ports = 35357 Checked in openstack-keystone-2014.1.2.1-2.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1347.html