74c1d5aa34
Now that most of the operator docs are consolidated into the admin guide, it is huge and hard to find things. This patch breaks the guide into groups to make it a little easier to navigate:

1. Getting started: basics of keystone and initializing a deployment.
2. Configuration: not a replacement for the main config docs but a grouping of all discussions on the various config options.
3. Operations: maintenance workflows like upgrading and cleanups
4. Tokens: an important part of keystone
5. RBAC: gets a section to itself
6. Advanced keystone features: grouping of lesser-known/lesser-used, not-required features.
7. Authentication mechanisms: various auth methods besides password, including the federation guide

Change-Id: I9039b7023d843349154d28ee0ee2c7b9a9eb97ab
23 lines
865 B
ReStructuredText
Troubleshoot the Identity service
=================================

To troubleshoot the Identity service, review the logs in the
``/var/log/keystone/keystone.log`` file.

Use the ``/etc/keystone/logging.conf`` file to configure the
location of log files.

.. note::

   The ``insecure_debug`` flag is unique to the Identity service.
   If you enable ``insecure_debug``, error messages from the API change
   to return security-sensitive information. For example, the error message
   on failed authentication includes information on why your authentication
   failed.

The logs show the components that have come in to the WSGI request, and
ideally show an error that explains why an authorization request failed.
If you do not see the request in the logs, run keystone with the
``--debug`` parameter. Pass the ``--debug`` parameter before the
command parameters.
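
A check for the ``insecure_debug`` flag described in the note above, as an added example that is not part of the keystone documentation: it reads keystone configuration text and reports whether the flag ends up enabled, so a troubleshooting setting is not left on afterwards. It assumes the option is set in ``[DEFAULT]`` and that a later value or later-loaded file overrides an earlier one; the function names and sample configuration are constructed for illustration.

```python
import configparser

# Boolean spellings accepted for oslo.config-style options (case-insensitive).
TRUE_VALUES = {"true", "1", "on", "yes"}
FALSE_VALUES = {"false", "0", "off", "no"}

# Constructed sample configuration text, not taken from a real deployment.
SAMPLE_BASE = """\
[DEFAULT]
# insecure_debug = false
log_dir = /var/log/keystone
"""
SAMPLE_OVERRIDE = """\
[DEFAULT]
insecure_debug = True
"""


def insecure_debug_setting(conf_text):
    """Return True/False for [DEFAULT] insecure_debug, or None if it is unset."""
    # interpolation=None: values may contain '%'; strict=False: a repeated key
    # is tolerated and the last occurrence wins (assumed load behaviour).
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    raw = parser.defaults().get("insecure_debug")
    if raw is None:
        return None
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise ValueError(f"unparseable insecure_debug value: {raw!r}")


def effective_insecure_debug(conf_texts):
    """Apply config texts in load order and return the resulting setting."""
    effective = False  # the flag is disabled unless a file enables it
    for text in conf_texts:
        setting = insecure_debug_setting(text)
        if setting is not None:
            effective = setting
    return effective


if __name__ == "__main__":
    print(effective_insecure_debug([SAMPLE_BASE, SAMPLE_OVERRIDE]))
```

A commented-out line such as ``# insecure_debug = false`` counts as unset, so only an active assignment changes the result.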