Keystone

From Gentoo Wiki

Keystone is a basic service in the OpenStack architecture that provides identity services.

Installation

USE flags

USE flags for sys-auth/keystone: The OpenStack authentication, authorization, and service catalog

ldap Add LDAP support (Lightweight Directory Access Protocol)
memcached Installs dependencies needed for using memcached as a backend
mongo Installs dependencies needed for using mongo as a backend
mysql Add mySQL Database support
postgres Add support for the postgresql database
sqlite Add support for sqlite - embedded sql database
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)

Emerge

root #emerge --ask sys-auth/keystone

Configuration

Postgresql

First, generate a sufficiently complex password (the value below is example output; use your own):

root #uuidgen
 15877e78-0026-4120-9b51-257e198232ee 

Connect to PostgreSQL:

root #psql -U postgres

Create the keystone user and database in PostgreSQL:

postgres=#CREATE USER keystone;
postgres=#ALTER USER keystone WITH PASSWORD '15877e78-0026-4120-9b51-257e198232ee';
postgres=#CREATE DATABASE keystone;
postgres=#GRANT ALL PRIVILEGES ON DATABASE keystone TO keystone;
postgres=#\q

Now modify the configuration file:

FILE /etc/keystone/keystone.conf

Emerge the PostgreSQL Python driver:

root #emerge --ask dev-python/psycopg

Sync with the database

root #keystone-manage db_sync
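
One way to write and check the database setting used by the steps above, as an added example that is not from the wiki or the Keystone project. It assumes the configuration step sets keystone's `[database]` `connection` option for the role created above and that PostgreSQL runs on localhost; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
# Assumes the keystone role and database created above and a local PostgreSQL.

# Password printed on this page; it is public and must never be deployed.
SAMPLE_PW='15877e78-0026-4120-9b51-257e198232ee'

# Print a [database] section for keystone.conf. $1 = password, $2 = DB host.
render_db_section() {
    printf '[database]\nconnection = postgresql://keystone:%s@%s/keystone\n' "$1" "$2"
}

# Print the password embedded in the connection line of config file $1.
conf_password() {
    sed -n 's|^connection *= *postgresql[^:]*://[^:]*:\([^@]*\)@.*|\1|p' "$1"
}

# Return 0 if config file $1 passes; otherwise print each finding and return 1.
audit_conf() {
    rc=0
    pw=$(conf_password "$1")
    if [ -z "$pw" ]; then
        echo "no PostgreSQL connection line with a password found"; rc=1
    elif [ "$pw" = "$SAMPLE_PW" ]; then
        echo "database password is the example value from the wiki"; rc=1
    fi
    mode=$(stat -c '%a' "$1")   # GNU stat, octal permission bits
    case $mode in
        *[1-7]) echo "file is accessible to other users (mode $mode)"; rc=1 ;;
    esac
    return "$rc"
}

# Usage: sh audit.sh /etc/keystone/keystone.conf
[ "$#" -eq 0 ] || audit_conf "$1"
```

The audit flags a file whose last permission digit is non-zero, so a mode such as 640 with group keystone passes while 644 does not.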

Set up the Fernet key repositories:

root # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
root # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the identity service:

root # keystone-manage bootstrap --bootstrap-password <<root_pass>> \
  --bootstrap-admin-url http://<<hostname>>:35357/v3/ \
  --bootstrap-internal-url http://<<hostname>>:35357/v3/ \
  --bootstrap-public-url http://<<hostname>>:5000/v3/ \
  --bootstrap-region-id RegionOne

Now let's configure the web server. If Apache is not installed, emerge it:

root #emerge --ask www-servers/apache