If the OpenStack controller node was affected by a host or network outage and was unable to communicate with other nodes of the cluster, you may occasionally receive 401 Unauthorized errors from Keystone. To resolve the issue, synchronize the Keystone fernet tokens and credentials with other OpenStack controller nodes of the cluster.
To synchronize the Keystone fernet tokens and credentials:
Log in to the affected OpenStack controller node.
Synchronize the Keystone fernet tokens:
su -c "/var/lib/keystone/keystone_keys_rotate.sh -s -t fernet" keystone
If the OpenStack controller node was unavailable at 12:00 a.m., also synchronize the Keystone credentials:
su -c "/var/lib/keystone/keystone_keys_rotate.sh -s -t credential" keystone