================================================================================

==================
1. Prerequisites
==================

On the system where Keystone will run:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  - An httpd service, e.g. Apache, in conjunction with mod_wsgi or
    mod_proxy_uwsgi, is required to make Keystone available.
  - Please have a look in %%EXAMPLESDIR%%/httpd
    for some example configurations.

On the system that will be used to manage the Keystone service:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  - Create a normal user.
  - Install the OpenStack client (net/py-python-openstackclient).

===================================
2. Configure the Keystone service
===================================

Edit %%PREFIX%%/etc/keystone/keystone.conf.

Database access:
~~~~~~~~~~~~~~~~
In the [database] section, set the location of the database. Make sure that
you use an absolute path, otherwise Keystone won't work properly.

  [database]
  # ...
  connection = sqlite:////var/lib/keystone/keystone.db

Token provider:
~~~~~~~~~~~~~~~
In the [token] section, configure the Fernet token provider:

  [token]
  # ...
  provider = fernet

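
The two settings from section 2 can be checked before running db_sync. A
connection URL with only three slashes (sqlite:///var/...) is read as a
relative path, which is the mistake the absolute-path note guards against.
This is an added example, not part of the port; conf_get and
check_keystone_conf are hypothetical helper names and the sample file is
constructed.

```shell
#!/bin/sh
# Added example: sanity-check keystone.conf (helper names are hypothetical).

# conf_get FILE SECTION KEY -> prints the last value of KEY inside [SECTION].
conf_get() {
    awk -v want="[$2]" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || $0 == "" { next }              # skip comments and blanks
        /^\[/ { in_sec = ($0 == want); next }     # track the current section
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_keystone_conf FILE -> 0 if both settings are as described, else 1.
check_keystone_conf() {
    rc=0
    conn=$(conf_get "$1" database connection)
    prov=$(conf_get "$1" token provider)
    case "$conn" in
        sqlite:////*) echo "ok: sqlite path is absolute: /${conn#sqlite:////}" ;;
        sqlite:///*)  echo "FAIL: relative sqlite path '${conn#sqlite:///}'," \
                           "use four slashes for an absolute path"; rc=1 ;;
        "")           echo "FAIL: [database] connection is not set"; rc=1 ;;
        *)            echo "note: non-sqlite backend, path check skipped" ;;
    esac
    if [ "$prov" = "fernet" ]; then
        echo "ok: [token] provider = fernet"
    else
        echo "FAIL: [token] provider is '${prov:-unset}', expected fernet"; rc=1
    fi
    return $rc
}

# Constructed sample containing the three-slash mistake; the check reports it.
sample=$(mktemp)
printf '[database]\nconnection = sqlite:///var/lib/keystone/keystone.db\n' >"$sample"
printf '[token]\nprovider = fernet\n' >>"$sample"
check_keystone_conf "$sample" || true
rm -f "$sample"
```

To check a real installation, call check_keystone_conf with the path to
keystone.conf instead of the sample file.
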
===========================================
3. Populate the Identity service database
===========================================

  # su -m keystone -c "keystone-manage db_sync"

=======================================
4. Initialize Fernet key repositories
=======================================

The key repositories will be placed by default in:
  - %%PREFIX%%/etc/keystone/credential-keys/
  - %%PREFIX%%/etc/keystone/fernet-keys/

  # keystone-manage fernet_setup --keystone-user keystone \
      --keystone-group keystone
  # keystone-manage credential_setup --keystone-user keystone \
      --keystone-group keystone

===================================
5. Bootstrap the Identity service
===================================

  # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
      --bootstrap-admin-url http://HOSTNAME:35357/v3/ \
      --bootstrap-internal-url http://HOSTNAME:5000/v3/ \
      --bootstrap-public-url http://HOSTNAME:5000/v3/ \
      --bootstrap-region-id RegionOne

=============================
6. Configure the web server
=============================

Refer to the example configuration files in
%%EXAMPLESDIR%%/httpd

=============================
7. Configure the admin user
=============================

Log in as the user that will be used for the administrative tasks and set the
environment variables listed below:

  $ export OS_USERNAME=admin
  $ export OS_PASSWORD=ADMIN_PASS
  $ export OS_PROJECT_NAME=admin
  $ export OS_USER_DOMAIN_NAME=Default
  $ export OS_PROJECT_DOMAIN_NAME=Default
  $ export OS_AUTH_URL=http://HOSTNAME:35357/v3
  $ export OS_IDENTITY_API_VERSION=3

===============================================
8. Create a domain, projects, users and roles
===============================================

  $ openstack domain create --description "An Example Domain" example
  $ openstack project create --domain default \
      --description "Service project" service
  $ openstack project create --domain default \
      --description "Demo Project" demo
  $ openstack user create --domain default \
      --password-prompt demo

=====================
9. Verify operation
=====================

  $ unset OS_AUTH_URL OS_PASSWORD
  $ openstack --os-auth-url http://HOSTNAME:35357/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name admin --os-username admin token issue
  $ openstack --os-auth-url http://HOSTNAME:5000/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name demo --os-username demo token issue

================================================================================