Chapter 2. Keystone (Identity)

2.1. Installation and Initial Configuration
2.2. Creating Users

Now we are going to install and configure Keystone, the Identity service.

2.1. Installation and Initial Configuration

Start by running the command that installs the openstack-keystone package.

$ sudo yum install openstack-keystone

Keystone uses a MySQL database. Use the openstack-db utility to create and initialize the tables for Keystone. If MySQL has not yet been installed on this server, the script will handle that, as well.

$ sudo openstack-db --init --service keystone

In order to administrate keystone, we will need to bootstrap the keystone client with the SERVICE_TOKEN and SERVICE_ENDPOINT environment variables. We will also save the value of SERVICE_TOKEN in a file for later use.

$ export SERVICE_TOKEN=$(openssl rand -hex 10)
$ export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
$ echo $SERVICE_TOKEN > /tmp/ks_admin_token

The SERVICE_TOKEN needs to match the value of the admin_token option in the Keystone configuration file, /etc/keystone/keystone.conf. Set the admin_token option using this command:

$ sudo openstack-config --set /etc/keystone/keystone.conf \
  DEFAULT admin_token $SERVICE_TOKEN

Now start the Keystone service:

$ sudo service openstack-keystone start
$ sudo chkconfig openstack-keystone on

Finally, verify that the Keystone service running and that no errors are present in the Keystone log file.

$ ps -ef | grep -i keystone-all
keystone  8254     1  6 14:26 ?        00:00:00 /usr/bin/python /usr/bin/keystone-all --config-file /etc/keystone/keystone.conf
osuser    8263  7795  0 14:26 pts/0    00:00:00 grep -i keystone-all
$ grep ERROR /var/log/keystone/keystone.log

The following diagram gives an overview of what we have installed, configured, and running so far: