{"id":225,"date":"2015-09-07T09:37:27","date_gmt":"2015-09-07T09:37:27","guid":{"rendered":"http:\/\/onlinelab.info\/?p=225"},"modified":"2015-09-07T09:37:27","modified_gmt":"2015-09-07T09:37:27","slug":"openstack-kilo-on-ubuntu-14-04-2-configure-keystone-1","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2015\/09\/07\/openstack-kilo-on-ubuntu-14-04-2-configure-keystone-1\/","title":{"rendered":"OpenStack Kilo on Ubuntu 14.04.2 \u2013 Configure KeyStone #1"},"content":{"rendered":"<figure id=\"attachment_8807\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-8807\" src=\"http:\/\/www.itzgeek.com\/wp-content\/uploads\/2015\/06\/OpenStack-Logo.png\" alt=\"OpenStack Logo\" width=\"200\" height=\"200\" title=\"\"><figcaption class=\"wp-caption-text\">OpenStack Logo<\/figcaption><\/figure>\n<p>Keystone is the OpenStack identity service. It provides the functionality of tracking users and their permissions, and catalog functions via API endpoints. 
It doesn\u2019t actually provide any user management functions itself; rather, it provides plug-in interfaces to choose between the current authentication service and third-party identity services that are available on the market.<\/p>\n<p>Before going ahead, take a look at our <a href=\"http:\/\/www.itzgeek.com\/how-tos\/linux\/ubuntu-how-tos\/install-openstack-kilo-on-ubuntu-14-04-2.html\" target=\"_blank\" rel=\"noopener\">Infrastructure design<\/a> in the previous article.<\/p>\n<p>This guide shows you how to install and configure the OpenStack Identity service, code-named keystone, on the controller node.<\/p>\n<h2>Prerequisites:<\/h2>\n<p>Before installing the OpenStack identity service, you must create a database and an administration token.<\/p>\n<pre># mysql -u root -p<\/pre>\n<p>Create the keystone database.<\/p>\n<pre>CREATE DATABASE keystone;<\/pre>\n<p>Grant proper access to the keystone database.<\/p>\n<pre>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'PASSWD';\nGRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'PASSWD';<\/pre>\n<p>Replace PASSWD with a suitable password.<\/p>\n<p>Generate a random value to use as the administration token for initial configuration.<\/p>\n<pre># openssl rand -hex 10<\/pre>\n<h2>Install and Configure KeyStone:<\/h2>\n<p>Prevent the keystone service from starting automatically after installation.<\/p>\n<pre># echo \"manual\" &gt; \/etc\/init\/keystone.override<\/pre>\n<p>* In Kilo, the Apache HTTP server with mod_wsgi serves keystone requests on ports 5000 and 35357 instead of Eventlet, which is deprecated in this version of OpenStack.<\/p>\n<p>Install keystone.<\/p>\n<pre># apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache<\/pre>\n<p>Edit the keystone configuration file.<\/p>\n<pre># nano \/etc\/keystone\/keystone.conf<\/pre>\n<p>Place the following entries in the proper sections of the above 
file.<\/p>\n<pre>[DEFAULT]\n...\n<strong>## Replace 43405b090eda983ddde2 with the random value that you generated earlier<\/strong>\nadmin_token = <em><strong>43405b090eda983ddde2<\/strong><\/em>\nverbose = True\n\n[database]\n...\n<strong>## Replace PASSWD with your KeyStone DB password<\/strong>\nconnection = mysql:\/\/keystone:<em><strong>PASSWD<\/strong><\/em>@<em><strong>controller<\/strong><\/em>\/keystone\n[memcache]\n...\nservers = localhost:11211\n[token]\n...\nprovider = keystone.token.providers.uuid.Provider\ndriver = keystone.token.persistence.backends.memcache.Token\n[revoke]\n...\ndriver = keystone.contrib.revoke.backends.sql.Revoke<\/pre>\n<p>Run the following command to populate the identity service database.<\/p>\n<pre># keystone-manage db_sync<\/pre>\n<h2>Configure Apache HTTP server:<\/h2>\n<p>Edit \/etc\/apache2\/apache2.conf and configure the ServerName option to reference the controller node.<\/p>\n<pre>ServerName controller<\/pre>\n<p>Create the following file.<\/p>\n<pre># nano \/etc\/apache2\/sites-enabled\/wsgi-keystone.conf<\/pre>\n<p>Paste the following content into the above file.<\/p>\n<pre>Listen 5000\nListen 35357\n\n&lt;VirtualHost *:5000&gt;\n    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}\n    WSGIProcessGroup keystone-public\n    WSGIScriptAlias \/ \/var\/www\/cgi-bin\/keystone\/main\n    WSGIApplicationGroup %{GLOBAL}\n    WSGIPassAuthorization On\n    &lt;IfVersion &gt;= 2.4&gt;\n      ErrorLogFormat \"%{cu}t %M\"\n    &lt;\/IfVersion&gt;\n    LogLevel info\n    ErrorLog \/var\/log\/apache2\/keystone-error.log\n    CustomLog \/var\/log\/apache2\/keystone-access.log combined\n&lt;\/VirtualHost&gt;\n\n&lt;VirtualHost *:35357&gt;\n    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone 
display-name=%{GROUP}\n    WSGIProcessGroup keystone-admin\n    WSGIScriptAlias \/ \/var\/www\/cgi-bin\/keystone\/admin\n    WSGIApplicationGroup %{GLOBAL}\n    WSGIPassAuthorization On\n    &lt;IfVersion &gt;= 2.4&gt;\n      ErrorLogFormat \"%{cu}t %M\"\n    &lt;\/IfVersion&gt;\n    LogLevel info\n    ErrorLog \/var\/log\/apache2\/keystone-error.log\n    CustomLog \/var\/log\/apache2\/keystone-access.log combined\n&lt;\/VirtualHost&gt;\n<\/pre>\n<p>Create the directory for the WSGI components.<\/p>\n<pre># mkdir -p \/var\/www\/cgi-bin\/keystone<\/pre>\n<p>Run the following command to download the WSGI components from the upstream repository.<\/p>\n<pre># curl 'http:\/\/git.openstack.org\/cgit\/openstack\/keystone\/plain\/httpd\/keystone.py?h=stable\/kilo' | tee \/var\/www\/cgi-bin\/keystone\/main \/var\/www\/cgi-bin\/keystone\/admin<\/pre>\n<p>Change ownership and permissions.<\/p>\n<pre># chown -R keystone:keystone \/var\/www\/cgi-bin\/keystone\n# chmod 755 \/var\/www\/cgi-bin\/keystone\/*<\/pre>\n<p>Restart the Apache service.<\/p>\n<pre># service apache2 restart<\/pre>\n<p>Remove the SQLite database, as we are using a MySQL database.<\/p>\n<pre># rm -f \/var\/lib\/keystone\/keystone.db<\/pre>\n<p>The next step is to create the service entity and API endpoints.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenStack Logo Keystone is the OpenStack identity service, it provides the functionality of tracking users and their permissions; catalog functions via API endpoints. 
It doesn\u2019t actually provide you any user management\u00a0 functions, rather, it provides&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-225","post","type-post","status-publish","format-standard","hentry","category-virtualization"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=225"}],"version-history":[{"count":0,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/225\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}