OpenStack Havana - Configure Keystone#1
2013/11/22 |
Install and Configure OpenStack Identity Service (Keystone).
[1] | Install Keystone |
# add OpenStack Havana repository first
root@dlp:~# aptitude -y install keystone python-mysqldb
[2] | Add a User and DB for Keystone to MySQL. |
root@dlp:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.34-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# set any password for 'password' section
mysql> create database keystone character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[3] | Configure Keystone |
root@dlp:~# vi /etc/keystone/keystone.conf
# line 3 : uncomment and change
admin_token = admintoken
# line 6 : uncomment
bind_host = 0.0.0.0
# line 9 : uncomment
public_port = 5000
# line 12 : uncomment
admin_port = 35357
# line 20 : uncomment
compute_port = 8774
# line 143 : change ( the one added in MySQL )
connection = mysql://keystone:password@10.0.0.30/keystone
# line 311 : uncomment and add
token_format = PKI
# line 312 : uncomment all and change to your locations like below
certfile = /etc/keystone/pki/certs/signing_cert.pem
keyfile = /etc/keystone/pki/private/signing_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject = /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
root@dlp:~# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
2013-11-21 15:56:59.857 6100 INFO keystone.common.openssl [-] openssl req -key /etc/keystone/pki/private/signing_key.pem -new -out /etc/keystone/pki/certs/req.pem -config /etc/keystone/pki/certs/openssl.conf -subj /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
2013-11-21 15:56:59.867 6100 INFO keystone.common.openssl [-] openssl ca -batch -out /etc/keystone/pki/certs/signing_cert.pem -config /etc/keystone/pki/certs/openssl.conf -days 3650d -cert /etc/keystone/pki/certs/cacert.pem -keyfile /etc/keystone/pki/private/cakey.pem -infiles /etc/keystone/pki/certs/req.pem
Using configuration from /etc/keystone/pki/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :ASN.1 12:'Hiroshima'
localityName          :ASN.1 12:'Hiroshima'
organizationName      :ASN.1 12:'Server_World'
commonName            :ASN.1 12:'dlp.srv.world'
Certificate is to be certified until Nov 19 06:56:59 2023 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@dlp:~# keystone-manage db_sync
root@dlp:~# service keystone restart
keystone stop/waiting
keystone start/running, process 1567
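As an added example (not part of the original page), the shell check below can be run after step [3] to confirm that the sample values shown above (admin_token = admintoken and the 'password' database password) were replaced and that the signing key named by keyfile is not accessible to other users. The function names and the 20-character minimum for the token are assumptions of this example, and [section] headers in keystone.conf are ignored.

```shell
#!/bin/sh
# Added example: lint keystone.conf for values copied verbatim from the tutorial.
# Simplification: [section] headers are ignored; keys are matched by name only.

# conf_get FILE KEY -> last uncommented "KEY = value" in FILE (empty if unset)
conf_get() {
    sed -n -e "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# check_keystone_conf FILE -> prints one line per finding, returns 1 if any
check_keystone_conf() {
    conf=$1
    rc=0

    token=$(conf_get "$conf" admin_token)
    if [ -z "$token" ] || [ "$token" = "admintoken" ]; then
        echo "admin_token: unset or still the tutorial value"; rc=1
    elif [ "${#token}" -lt 20 ]; then   # 20 is an assumed minimum length
        echo "admin_token: shorter than 20 characters"; rc=1
    fi

    # connection = mysql://user:pass@host/db -> extract the pass component
    conn=$(conf_get "$conf" connection)
    dbpass=$(printf '%s\n' "$conn" | sed -n 's|^[a-z+]*://[^:/@]*:\(.*\)@[^@]*$|\1|p')
    if [ "$dbpass" = "password" ]; then
        echo "connection: database password is the tutorial placeholder"; rc=1
    fi

    key=$(conf_get "$conf" keyfile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        # characters 8-10 of the ls mode string are the "other" permission bits
        other=$(ls -ld "$key" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "keyfile: $key is accessible to other users ($other)"; rc=1
        fi
    fi
    return $rc
}

# Usage: sh check_keystone.sh /etc/keystone/keystone.conf
if [ "$#" -gt 0 ]; then
    check_keystone_conf "$1"
fi
```

A non-zero exit status means at least one finding was printed.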