Difference between revisions of "OpenStack: Deploy Keystone Identity Service"
(Created page with "== Install == <syntaxhighlight> 2 yum -y install openstack-keystone openstack-selinux 3 yum -y install openstack-utils </syntaxhighlight> == Set up Database == <syntaxhighlight> 4 openstack-db...") |
(No difference)
|
Revision as of 09:09, 28 April 2015
Install
2 yum -y install openstack-keystone openstack-selinux
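3 yum -y install openstack-utils
Set up Database
4 openstack-db --init --service keystone
Set up PKI infrastructure for Keystone
Note: keystone-manage pki_setup generates a self-signed CA and signing certificate with placeholder subject fields (see the output below). That is fine for a lab; a production deployment should install certificates issued by its own CA.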
[root@server2-a ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Generating RSA private key, 2048 bit long modulus
.......+++
.....................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...........+++
..................+++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'Unset'
localityName :ASN.1 12:'Unset'
organizationName :ASN.1 12:'Unset'
commonName :ASN.1 12:'www.example.com'
Certificate is to be certified until Apr 25 08:56:49 2025 GMT (3650 days)
Write out database with 1 new entries
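Data Base Updated
Set TOKEN & ENDPOINT
Note: SERVICE_TOKEN becomes Keystone's admin_token, a shared secret that grants admin access without normal authentication. Keep /root/ks_admin_token and /root/keystonerc_token readable by root only (umask 077 or chmod 600). The endpoint below is plain http, so the token crosses the network unencrypted; keep this traffic on a trusted management network or put TLS in front of Keystone.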
[root@server2-a ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)
[root@server2-a ~]# export SERVICE_ENDPOINT=http://server2-a.example.com:35357/v2.0
[root@server2-a ~]# echo $SERVICE_TOKEN > /root/ks_admin_token
[root@server2-a ~]# cat /root/ks_admin_token
43c409db183b57696937something
[root@server2-a ~]# cat >> /root/keystonerc_token << EOF
> unset OS_USERNAME OS_TENANT_NAME OS_PASSWORD OS_AUTH_URL
> export SERVICE_TOKEN=$(cat /root/ks_admin_token)
> export SERVICE_ENDPOINT=http://server2-a.example.com:35357/v2.0
> export PS1='[\u@\h \W(keystone_token)]\$ '
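> EOF
(The heredoc delimiter is unquoted, so $(cat /root/ks_admin_token) is expanded when the file is written: keystonerc_token stores the token value itself, not the command.)
[root@server2-a ~]# crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
(admin_token is meant for bootstrapping only; once the first admin account exists it should be unset again.)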
[root@server2-a ~]# systemctl start openstack-keystone
[root@server2-a ~]# systemctl enable openstack-keystone
ln -s '/usr/lib/systemd/system/openstack-keystone.service' '/etc/systemd/system/multi-user.target.wants/openstack-keystone.service'
[root@server2-a ~]# systemctl enable mariadb.service
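ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
Note: 35357 is the Keystone admin API port and 5000 the public API port. Without --zone or a source restriction, these rules open both ports to every source in the default zone; where possible, limit 35357 to the management network.
[root@server2-a ~]# firewall-cmd --add-port=35357/tcp --permanent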
success
[root@server2-a ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@server2-a ~]# firewall-cmd --reload
success