"message": "Unable to sign token."

Troubleshooting Identity (Keystone)

If you see an error opening the signing key file, it's possible the person who ran keystone-manage pki_setup to generate certificates and keys isn't using the correct user. When you run keystone-manage pki_setup, keystone generates a set of certificates and keys in /etc/keystone/ssl* which is owned by root:root.

This is problematic when trying to then run the Keystone daemon under the 'keystone' user account (nologin) when trying to run PKI. Unless you manually chown the files keystone:keystone or run keystone-manage pki_setup with --keystone-user and --keystone-group you'll get an error like this:

2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file /etc/keystone/ssl/private/signing_key.pem
        140380567730016:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r')
        140380567730016:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
        unable to load signing key file
cat /var/log/keystone/keystone.log
2013-08-05 11:08:07  WARNING [keystone.common.wsgi] Unable to sign token.
2013-08-05 11:08:22    ERROR [keystone.common.cms] Signing error: Unable to load certificate - ensure you've configured PKI with 'keystone-manage pki_setup'
[root@localhost ~]# ps aux | grep keystone
keystone  2907  0.5  2.5 371544 45096 ?        S    14:51   0:00 /usr/bin/python /usr/bin/keystone-all --config-file /etc/keystone/keystone.conf 
 
 
 
keystone-manage pki_setup
chown keystone -R /etc/keystone/ssl/

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone 

你可能感兴趣的:("message": "Unable to sign token.")