
Keystone Install

1. CONTROLLER NODE

Database setup

  1. Access database as root:
mysql
  2. Create keystone database:
CREATE DATABASE keystone;
  3. Grant proper access to keystone user and exit:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' identified by 'password123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' identified by 'password123';
exit

Install and configure

  1. Install packages:
apt install keystone -y
  2. Back up and sanitize /etc/keystone/keystone.conf:
cp -p /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
grep -Ev '^(#|$)' /etc/keystone/keystone.conf.bak|sed '/^\[.*]/i \ '|tail -n +2 > /etc/keystone/keystone.conf
  3. Edit /etc/keystone/keystone.conf sections:
[database]
# ...
connection = mysql+pymysql://keystone:password123@controller/keystone

[token]
# ...
provider = fernet
  4. Populate database:
su -s /bin/sh -c "keystone-manage db_sync" keystone

Bootstrap Keystone

  1. Initialize fernet:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  2. Bootstrap identity service:
keystone-manage bootstrap --bootstrap-password password123 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

Configure Apache HTTP server

  1. Edit /etc/apache2/apache2.conf and add ServerName option:
ServerName controller
  2. Restart apache service:
service apache2 restart

Create admin RC file

  • Create ~/.adminrc file:
export OS_USERNAME=admin
export OS_PASSWORD=password123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

Create domain, projects, users, and roles

  1. Source .adminrc
source ~/.adminrc
  2. Create service project
openstack project create --domain default \
  --description "Service Project" service
  3. Create demo project, user, and role
openstack project create --domain default \
  --description "Demo Project" demoproject

openstack user create --domain default \
  --password password123 demouser
  4. Assign the member role to demouser in the demo project
openstack role add --project demoproject --user demouser member

Create demo RC file

  • Create ~/.demorc file:
export OS_USERNAME=demouser
export OS_PASSWORD=password123
export OS_PROJECT_NAME=demoproject
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
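
A check for the two RC files created above (~/.adminrc and ~/.demorc), as an added example that is not part of the original guide: it flags a file accessible to group or other, an OS_PASSWORD still set to the guide's password123, and an OS_AUTH_URL that is not https. The function name audit_rc_file and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit an OpenStack RC file
# such as ~/.adminrc or ~/.demorc. audit_rc_file is a hypothetical name.
# Prints one finding per line; returns 0 when clean, 1 on findings.
audit_rc_file() {
    local f=$1 rc=0 perms pw url
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mode: $f is accessible to group/other; chmod 600"
        rc=1
    fi

    # When the file is sourced the last assignment wins, so read that one.
    pw=$(sed -n 's/^export OS_PASSWORD=//p' "$f" | tail -n 1)
    url=$(sed -n 's/^export OS_AUTH_URL=//p' "$f" | tail -n 1)

    if [ "$pw" = "password123" ]; then
        echo "password: OS_PASSWORD is still the guide's placeholder"
        rc=1
    fi
    case $url in
        https://*) ;;
        *) echo "transport: OS_AUTH_URL is not https ($url)"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample mirroring the ~/.adminrc from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=password123
export OS_PROJECT_NAME=admin
export OS_AUTH_URL=http://controller:5000/v3
EOF
chmod 644 "$sample"
audit_rc_file "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

Run it against the real files with `audit_rc_file ~/.adminrc` and `audit_rc_file ~/.demorc` after defining the function.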