Difference between revisions of "OpenStack: Deploy Keystone Identity Service"
(Created page with "== Install == <syntaxhighlight> 2 yum -y install openstack-keystone openstack-selinux 3 yum -y install openstack-utils </syntaxhighlight> == Set up Database == <syntaxhighlight> 4 openstack-db...") |
|||
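--- a/OpenStack: Deploy Keystone Identity Service
+++ b/OpenStack: Deploy Keystone Identity Service
@@ -71,3 +71,27 @@
 [root@server2-a ~]# firewall-cmd --reload
 success
+</syntaxhighlight>
+
+<syntaxhighlight>
+[root@server2-a ~]# keystone service-create --name=keystone --type=identity --description="Keyston Identity Service"
++-------------+----------------------------------+
+| Property | Value |
++-------------+----------------------------------+
+| description | Keyston Identity Service |
+| enabled | True |
+| id | 15ce61e2e1b24b4eb41896226e45c6cc |
+| name | keystone |
+| type | identity |
++-------------+----------------------------------+
+[root@server2-a ~]# keystone endpoint-create --service-id 15ce61e2e1b24b4eb41896226e45c6cc --publicurl 'http://server2-a.exmaple.com:5000/v2.0' --adminurl 'http://server2-a.example.com:35357/v2.0' --internalurl 'http://server2-a.example.com:5000/v2.0'
++-------------+-----------------------------------------+
+| Property | Value |
++-------------+-----------------------------------------+
+| adminurl | http://server2-a.example.com:35357/v2.0 |
+| id | c25e8cc4a0d34ed597051c4d56714795 |
+| internalurl | http://server2-a.example.com:5000/v2.0 |
+| publicurl | http://server2-a.exmaple.com:5000/v2.0 |
+| region | regionOne |
+| service_id | 15ce61e2e1b24b4eb41896226e45c6cc |
++-------------+-----------------------------------------+
 </syntaxhighlight>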
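Review bot: The `--publicurl` passed to the added `keystone endpoint-create` command is spelled `server2-a.exmaple.com`, while the admin and internal URLs use `server2-a.example.com`, and the recorded output shows the misspelled value was stored in the catalog. Clients that take the public identity endpoint from the catalog would be sent to a hostname outside this deployment, so the argument should read `--publicurl 'http://server2-a.example.com:5000/v2.0'`. All three endpoint URLs are also plain `http://`, so tokens and passwords sent to them are unprotected in transit; outside a lab, the page should say so or register `https://` URLs once TLS is configured. The `--description` value also reads "Keyston" rather than "Keystone".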
Latest revision as of 09:14, 28 April 2015
Install
2 yum -y install openstack-keystone openstack-selinux
3 yum -y install openstack-utils
Set up Database
4 openstack-db --init --service keystone
Set up PKI infrastructure for Keystone
[root@server2-a ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Generating RSA private key, 2048 bit long modulus
.......+++
.....................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...........+++
..................+++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'Unset'
localityName :ASN.1 12:'Unset'
organizationName :ASN.1 12:'Unset'
commonName :ASN.1 12:'www.example.com'
Certificate is to be certified until Apr 25 08:56:49 2025 GMT (3650 days)
Write out database with 1 new entries
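Data Base Updated
Set TOKEN & ENDPOINT
Note: the admin token generated below is stored in clear text in /root/ks_admin_token, in /root/keystonerc_token (the unquoted EOF heredoc expands $(cat /root/ks_admin_token) when the file is written) and in /etc/keystone/keystone.conf, and it authorises admin API calls without a user login; restrict these files to root (plus the keystone user for keystone.conf) and remove admin_token once a regular admin account exists.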
[root@server2-a ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)
[root@server2-a ~]# export SERVICE_ENDPOINT=http://server2-a.example.com:35357/v2.0
[root@server2-a ~]# echo $SERVICE_TOKEN > /root/ks_admin_token
[root@server2-a ~]# cat /root/ks_admin_token
43c409db183b57696937something
[root@server2-a ~]# cat >> /root/keystonerc_token << EOF
> unset OS_USERNAME OS_TENANT_NAME OS_PASSWORD OS_AUTH_URL
> export SERVICE_TOKEN=$(cat /root/ks_admin_token)
> export SERVICE_ENDPOINT=http://server2-a.example.com:35357/v2.0
> export PS1='[\u@\h \W(keystone_token)]\$ '
> EOF
[root@server2-a ~]# crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
[root@server2-a ~]# systemctl start openstack-keystone
[root@server2-a ~]# systemctl enable openstack-keystone
ln -s '/usr/lib/systemd/system/openstack-keystone.service' '/etc/systemd/system/multi-user.target.wants/openstack-keystone.service'
[root@server2-a ~]# systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@server2-a ~]# firewall-cmd --add-port=35357/tcp --permanent
success
[root@server2-a ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@server2-a ~]# firewall-cmd --reload
success
[root@server2-a ~]# keystone service-create --name=keystone --type=identity --description="Keyston Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keyston Identity Service |
| enabled | True |
| id | 15ce61e2e1b24b4eb41896226e45c6cc |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@server2-a ~]# keystone endpoint-create --service-id 15ce61e2e1b24b4eb41896226e45c6cc --publicurl 'http://server2-a.exmaple.com:5000/v2.0' --adminurl 'http://server2-a.example.com:35357/v2.0' --internalurl 'http://server2-a.example.com:5000/v2.0'
+-------------+-----------------------------------------+
| Property | Value |
+-------------+-----------------------------------------+
| adminurl | http://server2-a.example.com:35357/v2.0 |
| id | c25e8cc4a0d34ed597051c4d56714795 |
| internalurl | http://server2-a.example.com:5000/v2.0 |
| publicurl | http://server2-a.exmaple.com:5000/v2.0 |
| region | regionOne |
| service_id | 15ce61e2e1b24b4eb41896226e45c6cc |
+-------------+-----------------------------------------+