Product SiteDocumentation Site

Chapter 2. Keystone (Identity)

2.1. Installation and Initial Configuration
2.2. Creating Users
Now we are going to install and configure Keystone, the Identity service.

2.1. Installation and Initial Configuration

Start by running the command that installs the openstack-keystone package.
$ sudo yum install openstack-keystone
Keystone uses a MySQL database. Use the openstack-db utility to create and initialize the tables for Keystone. If MySQL has not yet been installed on this server, the script will handle that, as well.
$ sudo openstack-db --init --service keystone
In order to administrate keystone, we will need to bootstrap the keystone client with the SERVICE_TOKEN and SERVICE_ENDPOINT environment variables. We will also save the value of SERVICE_TOKEN in a file for later use.
$ export SERVICE_TOKEN=$(openssl rand -hex 10)
$ echo $SERVICE_TOKEN > /tmp/ks_admin_token
The SERVICE_TOKEN needs to match the value of the admin_token option in the Keystone configuration file, /etc/keystone/keystone.conf. Set the admin_token option using this command:
$ sudo openstack-config --set /etc/keystone/keystone.conf \
Now start the Keystone service:
$ sudo service openstack-keystone start
$ sudo chkconfig openstack-keystone on
Finally, verify that the Keystone service running and that no errors are present in the Keystone log file.
$ ps -ef | grep -i keystone-all
keystone  8254     1  6 14:26 ?        00:00:00 /usr/bin/python /usr/bin/keystone-all --config-file /etc/keystone/keystone.conf
osuser    8263  7795  0 14:26 pts/0    00:00:00 grep -i keystone-all
$ grep ERROR /var/log/keystone/keystone.log
The following diagram gives an overview of what we have installed, configured, and running so far: