Bug 971465 - 5.4.3.2. Creating the Public Key Infrastructure Files - Creates log file owned by root.
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Installation_and_Configuration_Guide   
Version: 3.0
Hardware: Unspecified Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 3.0
Assignee: Stephen Gordon
QA Contact: ecs-bugs
URL:
Whiteboard:
Keywords: Documentation
Depends On:
Blocks:
Reported: 2013-06-06 15:15 UTC by Stephen Gordon
Modified: 2013-07-01 20:25 UTC (History)
0 users

Fixed In Version: Red_Hat_OpenStack-Installation_and_Configuration_Guide-3-en-US-3-17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-01 20:25:01 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---



Description Stephen Gordon 2013-06-06 15:15:34 UTC
Document URL: 

https://access.redhat.com/site/documentation//en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Creating_the_Public_Key_Infrastructure_Files.html

Section Number and Name: 

5.4.3.2. Creating the Public Key Infrastructure Files

Describe the issue: 

keystone-manage pki_setup is run as root. This results in the /var/log/keystone/keystone.log being created and owned by root. As a result, when the openstack-keystone service is started it comes up as OK but silently fails in the background:

[root@localhost ~]# service openstack-keystone start
Starting keystone:                                         [  OK  ]
[root@localhost ~]# service openstack-keystone status
keystone dead but pid file exists
[root@localhost ~]# tail /var/log/keystone/keystone.log 
[root@localhost ~]# 

This isn't immediately apparent to the user until the attempt to create the service:

# keystone service-create --name=keystone --type=identity \
>         --description="Keystone Identity Service" 
[Errno 111] Connection refused

Suggestions for improvement: 

Run keystone-manage pki_setup as the keystone user:

su keystone -s /bin/sh -c "keystone-manage pki_setup --keystone-user=keystone --keystone-group=keystone"

Workaround:

Remove /var/log/keystone/keystone.log or change ownership to keystone user.
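
The ownership check behind the workaround above, as an added example that is not part of the original bug report or of the guide: a POSIX shell sketch that lists anything under a service directory not owned by the service account, so a root-owned keystone.log is caught before the service is started. The function names and exit codes are hypothetical; the only path assumed is /var/log/keystone from the report.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the bug report).

# find_wrong_owner DIR OWNER
# Prints every path under DIR (DIR included) whose owner is not OWNER.
# OWNER may be a user name or a numeric uid. Returns 2 if DIR is missing.
find_wrong_owner() {
    fwo_dir=$1
    fwo_owner=$2
    if [ ! -d "$fwo_dir" ]; then
        echo "no such directory: $fwo_dir" >&2
        return 2
    fi
    find "$fwo_dir" ! -user "$fwo_owner" -print
}

# check_service_dirs OWNER DIR...
# Returns 0 when everything is owned by OWNER, 1 when at least one path
# is owned by someone else, 2 when a directory could not be checked.
check_service_dirs() {
    csd_owner=$1
    shift
    csd_status=0
    for csd_dir in "$@"; do
        if ! csd_bad=$(find_wrong_owner "$csd_dir" "$csd_owner"); then
            csd_status=2
            continue
        fi
        if [ -n "$csd_bad" ]; then
            # One report line per offending path.
            printf '%s\n' "$csd_bad" | while IFS= read -r csd_path; do
                printf 'WRONG OWNER (expected %s): %s\n' "$csd_owner" "$csd_path"
            done
            if [ "$csd_status" -eq 0 ]; then
                csd_status=1
            fi
        fi
    done
    return "$csd_status"
}

# Typical use after running keystone-manage and before starting the service:
#   check_service_dirs keystone /var/log/keystone
```

A non-zero exit status means the service account may be unable to write its log; the reported paths are the ones to remove or chown as described in the workaround.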

