Chapter 2. Keystone (Identity)
2.1. Installation and Initial Configuration
Start by running the command that installs the openstack-keystone
package.
$
sudo yum install openstack-keystone
Keystone uses a MySQL database. Use the openstack-db
utility to create and initialize the tables for Keystone. If MySQL has not yet been installed on this server, the script will handle that, as well.
$
sudo openstack-db --init --service keystone
In order to administrate keystone, we will need to bootstrap the keystone client with the SERVICE_TOKEN
and SERVICE_ENDPOINT
environment variables. We will also save the value of SERVICE_TOKEN
in a file for later use.
$
export SERVICE_TOKEN=$(openssl rand -hex 10)
$
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
$
echo $SERVICE_TOKEN > /tmp/ks_admin_token
The SERVICE_TOKEN
needs to match the value of the admin_token
option in the Keystone configuration file, /etc/keystone/keystone.conf
. Set the admin_token
option using this command:
$
sudo openstack-config --set /etc/keystone/keystone.conf \
DEFAULT admin_token $SERVICE_TOKEN
Now start the Keystone service:
$
sudo service openstack-keystone start
$
sudo chkconfig openstack-keystone on
Finally, verify that the Keystone service running and that no errors are present in the Keystone log file.
$
ps -ef | grep -i keystone-all
keystone 8254 1 6 14:26 ? 00:00:00 /usr/bin/python /usr/bin/keystone-all --config-file /etc/keystone/keystone.conf
osuser 8263 7795 0 14:26 pts/0 00:00:00 grep -i keystone-all
$
grep ERROR /var/log/keystone/keystone.log
The following diagram gives an overview of what we have installed, configured, and running so far: