Red Hat Bugzilla – Bug 971465
18.104.22.168. Creating the Public Key Infrastructure Files - Creates log file owned by root.
Last modified: 2013-07-01 16:25:01 EDT
Section Number and Name:
22.214.171.124. Creating the Public Key Infrastructure Files
Describe the issue:
keystone-manage pki_setup is run as root. This results in /var/log/keystone/keystone.log being created and owned by root. As a result, when the openstack-keystone service is started it comes up as OK but silently fails in the background:
[root@localhost ~]# service openstack-keystone start
Starting keystone: [ OK ]
[root@localhost ~]# service openstack-keystone status
keystone dead but pid file exists
[root@localhost ~]# tail /var/log/keystone/keystone.log
This isn't immediately apparent to the user until the attempt to create the service:
# keystone service-create --name=keystone --type=identity \
> --description="Keystone Identity Service"
[Errno 111] Connection refused
Suggestions for improvement:
Run keystone-manage pki_setup as the keystone user:
su keystone -s /bin/sh -c "keystone-manage pki_setup --keystone-user=keystone --keystone-group=keystone"
Remove /var/log/keystone/keystone.log or change ownership to keystone user.
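
A check for the condition described in this report, as an added example that is not part of the original bug report: it lists anything under the service's log directory that is not owned by the service account, which is what leaves the daemon dead while the init script reports OK. The function names are hypothetical; the default path and user are the ones named in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Print the `ls -ld` line of every entry under directory $1 whose owner is
# not user $2. Returns 0 if none, 1 if any, 2 if the directory is missing.
find_foreign_owned() {
    dir=$1 user=$2
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    # Column 3 of `ls -ld` is the owner; keep lines where it differs.
    bad=$(find "$dir" -exec ls -ld {} + | awk -v u="$user" '$3 != u')
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Run the check for a service account and report any mismatch.
# Defaults are the log directory and user named in the report.
audit_log_dir() {
    dir=${1:-/var/log/keystone} user=${2:-keystone}
    if out=$(find_foreign_owned "$dir" "$user"); then
        echo "ok: everything under $dir is owned by $user"
        return 0
    else
        rc=$?
        [ "$rc" -eq 1 ] && printf 'not owned by %s:\n%s\n' "$user" "$out"
        return "$rc"
    fi
}
```

Calling `audit_log_dir` with no arguments after running any setup command as root, and before starting the service, surfaces a root-owned keystone.log at the point where it was created.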