Getting MySQL to work in F18 With Openstack Keystone

Adam Young ayoung at
Wed Mar 6 22:13:05 UTC 2013

It looks like the access model for MySQL has changed between F17 and F18.

I tried the recent fedora-updates-testing version of Keystone on F18.  
Here's what I found:

Running Packstack with minimal services enabled seems to fail.  I need a 
sterilized machine to determine what exactly failed, but I was looking 
to install just Keystone, so I moved on to doing a manual install.

1. OpenSSL not installed means the pki setup is broken.  That needs to 
be an RPM dependency. Filed a bug for that:

Once that is in , run as root

keystone-manage pki_setup

And change perms on the directory so Keystone can read it.

So far so good.

2. openstack-db fails with a permission on the root user.  However, the 
following works:
      A. su - keystone (I suspect the openstack-db call made the 
keystone user, or maybe that is done by the RPM install?)
      B.  mysql  (no params, using the default identification, which I 
assume is PAM based?)
      C.  create  user named keystone:

      create user 'keystone'@'localhost' identified by 'keystone';

grant that user perms to create a db

     grant all  PRIVILEGES on *.* to 'keystone'@'localhost';

exit mysql and log in as that user:

     mysql --user=keystone --password=keystone

Create the keystone database:

  create database keystone;

Log out and run the dbsync

  keystone-manage db_sync

Obviously, this leaves the DB User with too many permissions, but it is 
a start.

If I now try to run the command
  openstack-db --service glance --init

Please enter the password for the 'root' MySQL user:

Even setting the password in MySQL doesn;t work

UPDATE mysql.user SET Password=PASSWORD('keystone') WHERE User='root' 
AND Host='localhost';

[root at f18-keystone mysql]# openstack-db --service glance --init
Please enter the password for the 'root' MySQL user:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using 
password: YES)
Failed to connect to the MySQL server.  Please check your root user 

I tried it with the unix password as well.

Note that I can connect using the following SQL Alchemy URL:
connection = 

I think this is preferable to exposing TCP sockets around in the case 
that the Keystone server and MySQL server are co-located.

More information about the cloud mailing list