OpenStack Icehouse : Configure Keystone#1
2014/05/13 |
Install and Configure OpenStack Identity Service (Keystone).
|
|
[1] | Install Keystone |
root@dlp:~# apt-get -y install keystone python-mysqldb
|
[2] | Add a User and DB for Keystone to MySQL. |
root@dlp:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 72
Server version: 5.6.16-1~exp1 (Ubuntu)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# replace 'password' in the grant statements below with a strong password of your own
mysql>
create database keystone character set utf8; Query OK, 1 row affected (0.00 sec)
mysql>
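grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
# the next grant uses '%', which lets the keystone account connect from any host; where possible, name only the hosts that run Keystone instead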
mysql>
grant all privileges on keystone.* to keystone@'%' identified by 'password'; Query OK, 0 rows affected (0.00 sec)
mysql>
mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) exit Bye |
[3] | Configure Keystone |
root@dlp:~#
vi /etc/keystone/keystone.conf
# line 13: uncomment and set a token of your own (a long random value; 'admintoken' below is only a sample)
admin_token = admintoken
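# line 626: change to the MySQL user and password created in [2]
# this file now holds the database password and the admin token in clear text, so keep it readable only by root and the keystone user
connection = mysql://keystone:password@10.0.0.30/keystone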
# line 1196: uncomment and add
token_format = PKI
# line 1199-1220: uncomment all and change to your locations like below
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject = /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
root@dlp:~# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
root@dlp:~# keystone-manage db_sync
root@dlp:~# initctl restart keystone
keystone start/running, process 10060 |