Install and Configure OpenStack Identity Service

Installing OpenStack Identity service

The OpenStack Identity Service performs the following functions:

  • Tracking users and their permissions.
  • Providing a catalog of available services with their API endpoints.

When installing OpenStack Identity service, you must register each service in your OpenStack installation. Identity service can then track which OpenStack services are installed, and where they are located on the network.

In this article, we cover the installation and configuration of the OpenStack Identity service, known as Keystone, using the Ubuntu Cloud Archive. Keystone is an identity service that manages user databases and OpenStack service catalogs and their API endpoints. It integrates with existing backend directory services like LDAP and supports multiple authentication mechanisms, such as username-and-password, token-based systems and AWS-style logins. Once configured, connections to our OpenStack cloud environment will be made through our new OpenStack Identity service.

The backend data store for our OpenStack Identity service will be a MySQL database.

Getting started

To ensure that we are using the Ubuntu Cloud Archive, we must first configure our Ubuntu 12.04 installation to use this service.

We will configure Keystone to use MySQL as the database backend, so this needs to be installed prior to installing Keystone. If MySQL is not installed, execute the following steps to install and configure MySQL:

MYSQL_ROOT_PASS=openstack
# Placeholder: replace CONTROLLER_IP with the address MySQL should listen on
MYSQL_HOST=CONTROLLER_IP

# To enable non-interactive installations of MySQL, set the following
echo "mysql-server-5.5 mysql-server/root_password password $MYSQL_ROOT_PASS" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $MYSQL_ROOT_PASS" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password seen true" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again seen true" | sudo debconf-set-selections

export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get -q -y install mysql-server

# Make MySQL listen on MYSQL_HOST, then restart it
sudo sed -i "s/^bind\-address.*/bind-address = ${MYSQL_HOST}/g" /etc/mysql/my.cnf
sudo service mysql restart

mysqladmin -uroot password ${MYSQL_ROOT_PASS}
# Grant root access from localhost, from MYSQL_HOST (assumed; the host is cut off on the page) and from any host
mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"localhost\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\";"
mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"${MYSQL_HOST}\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\";"
mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"%\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\";"
mysqladmin -uroot -p${MYSQL_ROOT_PASS} flush-privileges

Next, ensure that you are logged in to the nominated OpenStack Identity server or OpenStack Controller host where the OpenStack Identity service will be installed and which the rest of the OpenStack hosts can access.

To log on to our OpenStack Controller host that was created using Vagrant, issue the following command:

vagrant ssh controller

How to achieve it…

Carry out the following simple instructions to install OpenStack Identity service:

1) Installation of OpenStack Identity service is achieved by specifying the keystone package in Ubuntu, and we perform it as follows:

sudo apt-get update
sudo apt-get -y install keystone python-keyring

2) Once installed, we need to configure the backend database store. For that, we must first create the keystone database in MySQL. We do this as shown (this assumes a user in MySQL called root, with password openstack, that is able to create databases):

MYSQL_ROOT_PASS=openstack
mysql -uroot -p$MYSQL_ROOT_PASS -e "CREATE DATABASE keystone;"

3) It is a good practice to create a user which is specific to our OpenStack Identity service, so we create this as follows:

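MYSQL_KEYSTONE_PASS=openstack   # same password as in the connection string in step 4
mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%';"
mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'keystone'@'%' = PASSWORD('$MYSQL_KEYSTONE_PASS');"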

4) We then need to configure the OpenStack Identity service to use this database by editing the /etc/keystone/keystone.conf file and changing the sql_connection line to match the database credentials. We do this as follows:

MYSQL_HOST=CONTROLLER_IP   # placeholder: address of the MySQL server
sudo sed -i "s#^connection.*#connection = mysql://keystone:openstack@${MYSQL_HOST}/keystone#" /etc/keystone/keystone.conf

5) A super-user admin token resides in the /etc/keystone/keystone.conf file. To configure this we do the following:

sudo sed -i "s/^# *admin_token.*/admin_token = ADMIN/" /etc/keystone/keystone.conf

6) As of the Grizzly release, Keystone supports PKI infrastructure to cryptographically sign the tokens. To disable this feature for now, we edit the /etc/keystone/keystone.conf file to use non-signed tokens as follows:

sudo sed -i "s/^# *token_format.*/token_format = UUID/" /etc/keystone/keystone.conf

7) We can now restart the keystone service with the following commands:

sudo stop keystone
sudo start keystone

8) With Keystone started, we can now populate the keystone database with the required tables by issuing the following command:

sudo keystone-manage db_sync


Hurray! We now have the OpenStack Identity service installed and ready to use in our OpenStack environment.

How it works…

Using the Ubuntu packages is a convenient way to install the OpenStack Identity service ready for use in our OpenStack environment. Once installed, we configure our MySQL database server with a keystone database and set up the keystone.conf configuration file to use it. After starting the Keystone service, running the keystone-manage db_sync command populates the keystone database with the tables we need before adding the users, roles, and tenants required in our OpenStack environment.
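
Steps 4 and 5 leave a database password and the static admin token ADMIN in /etc/keystone/keystone.conf. The following added example, which is not part of the original article, checks such a file for those values and for access by other users, then replaces the token with a random one; the sample file, the host name db.example.test and the function names are constructed for illustration.

```bash
# Added example (not from the original article): audit keystone.conf for the
# weak values used in this walkthrough and rotate the static admin token.

# Constructed sample mirroring the settings made in steps 4 and 5.
make_sample_conf() {
    local f; f=$(mktemp)
    printf '%s\n' '[DEFAULT]' 'admin_token = ADMIN' '[sql]' \
        'connection = mysql://keystone:openstack@db.example.test/keystone' > "$f"
    chmod 644 "$f"; echo "$f"
}

# Print one finding per line for FILE; print nothing when no check fires.
audit_keystone_conf() {
    local file=$1 token pass other
    token=$(sed -n 's/^admin_token[[:space:]]*=[[:space:]]*//p' "$file" | tail -n 1)
    if [ "$token" = "ADMIN" ]; then
        echo "admin_token: guessable literal ADMIN"
    elif [ -n "$token" ] && [ "${#token}" -lt 32 ]; then
        echo "admin_token: shorter than 32 characters"
    fi
    # Password inside the connection URL: scheme://user:password@host/db
    pass=$(sed -n 's#^connection[[:space:]]*=[[:space:]]*[a-z+]*://[^:/@]*:\([^@]*\)@.*#\1#p' "$file" | tail -n 1)
    case $pass in
        openstack|keystone|password) echo "connection: well-known database password" ;;
    esac
    # Characters 8-10 of ls -l are the permission bits for "other".
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "permissions: file is accessible to other users ($other)"
    fi
    return 0
}

# Replace the admin_token value with 20 random bytes (40 hex digits) and
# remove access for other users.
rotate_admin_token() {
    local file=$1 token tmp
    token=$(od -An -N20 -tx1 /dev/urandom | tr -d ' \n')
    tmp=$(mktemp)
    sed "s/^admin_token[[:space:]]*=.*/admin_token = ${token}/" "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
    chmod o-rwx "$file"
}

sample=$(make_sample_conf)
audit_keystone_conf "$sample"      # three findings on the walkthrough's values
rotate_admin_token "$sample"
audit_keystone_conf "$sample"      # only the database password remains
rm -f "$sample"
```

On a real host, run the audit against /etc/keystone/keystone.conf and restart Keystone after rotating the token so the new value takes effect.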
