In this tutorial, How to Install and configure OpenStack Keystone. In previous, my post has How to install OpenStack all in one Centos 7. If you have not yet installed OpenStack Keystone then step install as below
Table of Contents
Step by step Install and configure OpenStack Keystone
Create a User and Database on MariaDB for Keystone.
[vagrant@DevopsRoles ~]# mysql -u root -p
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Install Keystone.
[vagrant@DevopsRoles ~]# yum --enablerepo=centos-openstack-stein,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi
Configure Keystone.
[vagrant@DevopsRoles ~]# vi /etc/keystone/keystone.conf
# line 476: add specify Memcache server
memcache_servers = 10.0.2.15:11211
# line 608: add MariaDB connection info
connection = mysql+pymysql://keystone:password@10.0.2.15/keystone
[token]
# line 2531: uncomment
provider = fernet
[vagrant@DevopsRoles ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
# initialize keys
[vagrant@DevopsRoles ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[vagrant@DevopsRoles ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# define own host (controller host)
[vagrant@DevopsRoles ~]# export controller=10.0.2.15
# bootstrap keystone (replace any password you like for "adminpassword" section)
[vagrant@DevopsRoles ~]# keystone-manage bootstrap --bootstrap-password adminpassword \
--bootstrap-admin-url http://$controller:5000/v3/ \
--bootstrap-internal-url http://$controller:5000/v3/ \
--bootstrap-public-url http://$controller:5000/v3/ \
--bootstrap-region-id RegionOne
If SELinux is enabled on Centos 7
[vagrant@DevopsRoles ~]# setsebool -P httpd_use_openstack on
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect on
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect_db on
Allow ports for services with Firewalld is running
[vagrant@DevopsRoles ~]# firewall-cmd --add-port=5000/tcp --permanent
[vagrant@DevopsRoles ~]# firewall-cmd --reload
Keystone enables and starts Apache httpd.
[vagrant@DevopsRoles ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[vagrant@DevopsRoles ~]# systemctl start httpd
[vagrant@DevopsRoles ~]# systemctl enable httpd
How to Add Projects in OpenStack Keystone
To create and load an environment file for KeyStone
[vagrant@DevopsRoles ~]# vi ~/keystonerc
The content as below
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://10.0.2.15:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
To apply the change
[vagrant@DevopsRoles ~]# chmod 600 ~/keystonerc
[vagrant@DevopsRoles ~]# source ~/keystonerc
[vagrant@DevopsRoles ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile
Create Projects.
[vagrant@DevopsRoles ~]# openstack project create --domain default --description "Service Project" service
#To confirm settings create Projects
[vagrant@DevopsRoles ~(keystone)]# openstack project list
You have to Install and configure OpenStack Keystone. Thank you for reading the DevopsRoles page!