Troubleshooting Keystone and authentication
Nothing is more frustrating than not being able to log in to your cluster to see what is going on. Thankfully, OpenStack offers an authentication override that bypasses authentication and allows you to make Keystone calls to see services, endpoints, and other Keystone resources. This is done using the Keystone admin service token. In Chapter 2, Identity Management, we looked at creating a keystonerc file. To use this service token to override authentication, you need to use a similar methodology.
Note
If you encounter trouble using your admin token to override authentication, check the file /usr/share/keystone/keystone-dist-paste.ini and look in the sections [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] for admin_token_auth. If the key admin_token_auth is missing, then this method of authentication has been disabled.
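The check described in the note can be scripted. The following is an added example, not code from the original text: the function names check_admin_token_auth and write_sample are hypothetical, and the sample file is constructed for illustration rather than copied from a real keystone-dist-paste.ini. It reports, for each of the three pipeline sections, whether admin_token_auth appears in the active pipeline value, ignoring commented-out lines and following indented continuation lines.

```shell
#!/bin/sh
# check_admin_token_auth FILE  (added example, hypothetical helper)
# Prints "<section> present|missing" for the three pipelines; returns 1 if any is missing.
check_admin_token_auth() {
    awk '
    function scan(s,   n, i, f) {          # whole-word match within a pipeline value
        n = split(s, f, /[ \t]+/)
        for (i = 1; i <= n; i++) if (f[i] == "admin_token_auth") found[sec] = 1
    }
    /^[ \t]*[#;]/ { next }                 # commented-out lines do not count
    /^\[/ {                                # new section header
        sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); inpipe = 0; next
    }
    /^pipeline[ \t]*=/ {                   # the "pipeline = ..." key
        inpipe = 1; v = $0; sub(/^[^=]*=/, "", v); scan(v); next
    }
    inpipe && /^[ \t]+[^ \t]/ { scan($0); next }   # indented continuation line
    { inpipe = 0 }
    END {
        n = split("pipeline:public_api pipeline:admin_api pipeline:api_v3", names, " ")
        for (i = 1; i <= n; i++) {
            ok = (names[i] in found)
            print names[i], (ok ? "present" : "missing")
            if (!ok) rc = 1
        }
        exit rc + 0
    }' "$1"
}

# Constructed sample (not a real keystone-dist-paste.ini): admin_api has the filter
# only in a commented-out line; api_v3 splits its pipeline across a continuation line.
write_sample() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service
[pipeline:admin_api]
# pipeline = sizelimit token_auth admin_token_auth json_body admin_service
pipeline = sizelimit token_auth json_body admin_service
[pipeline:api_v3]
pipeline = sizelimit token_auth
    admin_token_auth json_body service_v3
EOF
}

sample=$(mktemp); write_sample "$sample"
check_admin_token_auth "$sample" || echo "admin token override is disabled in at least one pipeline"
rm -f "$sample"
```

Run against the real file, pass /usr/share/keystone/keystone-dist-paste.ini as the argument; a non-zero exit status means at least one pipeline will not accept the admin token.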
Start by getting the current service token value from the keystone.conf file:
$ grep admin_token /etc/keystone/keystone...