Ubuntu 12.04
Sponsored Link

OpenStack Havana - Configure Keystone#1
2013/11/22
 
Install and Configure OpenStack Identity Service (Keystone).
[1] Install Keystone

root@dlp:~#
aptitude -y install keystone python-mysqldb
[2] Add a User and DB for Keystone to MySQL.
root@dlp:~#
mysql -u root -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.34-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# set any password for 'password' section

mysql>
create database keystone character set utf8;

Query OK, 1 row affected (0.00 sec)
mysql>
grant all privileges on keystone.* to keystone@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
mysql>
flush privileges;

Query OK, 0 rows affected (0.00 sec)
mysql>
exit

Bye
[3] Configure Keystone
root@dlp:~#
vi /etc/keystone/keystone.conf
# line 3 : uncomment and change

admin_token =
admintoken
# line 6 : uncomment

bind_host = 0.0.0.0
# line 9 : uncomment

public_port = 5000
# line 12 : uncomment

admin_port = 35357
# line 20 : uncomment

compute_port = 8774
# line 143 : change ( the one added in MySQL )

connection =
mysql://keystone:password@10.0.0.30/keystone
# line 311 : uncomment and add

token_format =
PKI
# line 312 : uncomment all and chnage to your locations like below

certfile = /etc/keystone/pki/certs/signing_cert.pem
keyfile = /etc/keystone/pki/private/signing_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject =
/C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
root@dlp:~#
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

2013-11-21 15:56:59.857 6100 INFO keystone.common.openssl [-] openssl req 
-key /etc/keystone/pki/private/signing_key.pem -new -out /etc/keystone/pki/certs/req.pem 
-config /etc/keystone/pki/certs/openssl.conf 
-subj /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
2013-11-21 15:56:59.867 6100 INFO keystone.common.openssl [-] openssl ca 
-batch -out /etc/keystone/pki/certs/signing_cert.pem 
-config /etc/keystone/pki/certs/openssl.conf -days 3650d 
-cert /etc/keystone/pki/certs/cacert.pem -keyfile /etc/keystone/pki/private/cakey.pem 
-infiles /etc/keystone/pki/certs/req.pem
Using configuration from /etc/keystone/pki/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :ASN.1 12:'Hiroshima'
localityName          :ASN.1 12:'Hiroshima'
organizationName      :ASN.1 12:'Server_World'
commonName            :ASN.1 12:'dlp.srv.world'
Certificate is to be certified until Nov 19 06:56:59 2023 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

root@dlp:~#
keystone-manage db_sync

root@dlp:~#
service keystone restart

keystone stop/waiting
keystone start/running, process 1567
 
Tweet