74c1d5aa34
Now that most of the operator docs are consolidated into the admin guide, it is huge and hard to find things. This patch breaks the guide into groups to make it a little easier to navigate: 1. Getting started: basics of keystone and initializing a deployment. 2. Configuration: not a replacement for the main config docs but a grouping of all discussions on the various config options. 3. Operations: maintenance workflows like upgrading and cleanups 4. Tokens: an important part of keystone 5. RBAC: gets a section to itself 6. Advanced keystone features: grouping of lesser-known/lesser-used, not-required features. 7. Authentication mechanisms: various auth methods besides password, including the federation guide Change-Id: I9039b7023d843349154d28ee0ee2c7b9a9eb97ab
865 B
865 B
Troubleshoot the Identity service
To troubleshoot the Identity service, review the logs in the
/var/log/keystone/keystone.log file.
Use the /etc/keystone/logging.conf file to configure the
location of log files.
Note
The insecure_debug flag is unique to the Identity
service. If you enable insecure_debug, error messages from
the API change to return security-sensitive information. For example,
the error message on failed authentication includes information on why
your authentication failed.
The logs show the components that have come in to the WSGI request,
and ideally show an error that explains why an authorization request
failed. If you do not see the request in the logs, run keystone with the
--debug parameter. Pass the --debug parameter
before the command parameters.