Migrate OpenStack Keystone to a different IP address

This hack describes how to change openstack service end-points after there is a change in the host IP address.

When you initially install and provision OpenStack, Keystone (the identity service) creates a set of end-points for all the services. You can get the list of service end-points by typing

# keystone endpoint-list

Particularly of interest are the “publicurl”s. A typical publicurl of a service end-point would look like$(tenant_id)s

If the IP address of the host changes, the end-points aren’t migrated automatically. This may cause quite a lot of dependent services to stop working.

One such service is “Horizon” which is the web interface and dashboard for OpenStack. Once the IP address is changed, you won’t be able to login to the admin dashboard as well.

To fix this, the service end-points needs to be updated. Unfortunately, the keystone tool supports only creation of end-points at this time. You’ll have to manually update the end-point URLs in the database.

In this example, I’m using mysql as the database and I have changed the host IP from to

Login to mysql (probably as root), select the keystone database and query the URLs.

# mysql -u root -p keystone
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select id, url from endpoint where interface='public';
| id | url |
| 384ee4e74ad19a71bc56bff55e18e25c |$(tenant_id)s |
| 675affbfacf34c0899a994d72eea7d57 | |
| 34818b5b99394e4d9894e932403696cf | |
| 8b363857ce294150567571dfc476a83 |$(tenant_id)s |
| b4041634dc614f8876baa119769e784e | |
| c6edf51290e34b84995bccacbc2a2454 | |
6 rows in set (0.00 sec)

Now that we know what to change, update the URLs (as suggested below)

mysql> update endpoint set url='' where id='c6edf51290e34b84995bccacbc2a2454';

Now doing a keystone endpoint-list should show your new URL.

To change the IP address in the configurations do the following;

# cd /etc/
# find {keystone,nova,cinder,quantum,glance} -type f -exec grep -nH {} \;
# find {keystone,nova,cinder,quantum,glance} -type f -exec sed -i s/ {} \;

Restart apache2, memcached and try logging into Horizon.
Of course, YMMV!