Installing OpenStack Identity service
The OpenStack identity service performs the following functions:
1. Tracking users and their permissions.
2. Providing a catalog of available services with their API endpoints.
When installing OpenStack Identity service, you must register each service in your OpenStack installation. Identity service can then track which OpenStack services are installed, and where they are located on the network.
In this article, we cover the installation and configuration of the OpenStack Identity service, known as Keystone, using the Ubuntu Cloud Archive. Keystone is an identity service that manages user databases and OpenStack service catalogs and their API endpoints. It integrates with existing backend directory services like LDAP and supports multiple authentication mechanisms, such as username-and-password, token-based systems and AWS-style logins. Once configured, connecting to our OpenStack cloud environment will be performed through our new OpenStack Identity service.
The backend data store for our OpenStack Identity service will be a MySQL database.
To ensure that we are running the Ubuntu Cloud Archive, we must first configure our Ubuntu 12.04 installation to use this service.
We will configure Keystone to use MySQL as the database backend, so this needs to be installed prior to installing Keystone. If MySQL is not installed, execute the following steps to install and configure MySQL:
MYSQL_ROOT_PASS=openstack
MYSQL_HOST=172.16.0.200
# To enable non-interactive installations of MySQL, set the following
Next, ensure that you are logged in to the nominated OpenStack Identity server or OpenStack Controller host where the OpenStack Identity service is to be installed and which the rest of the OpenStack hosts can access.
To log on to our OpenStack Controller host that was created using Vagrant, issue the following command:
vagrant ssh controller
How to achieve it…
Carry out the following simple instructions to install OpenStack Identity service:
1) Installation of OpenStack Identity service is achieved by specifying the keystone package in Ubuntu, and we perform it as follows:
sudo apt-get update
sudo apt-get -y install keystone python-keyring
2) Once installed, we need to configure the backend database store. For that, we must first create the keystone database in MySQL. We do this as shown (this assumes there is a user in MySQL called root, with password openstack, that is able to create databases):
MYSQL_ROOT_PASS=openstack
mysql -uroot -p$MYSQL_ROOT_PASS -e "CREATE DATABASE keystone;"
3) It is a good practice to create a user which is specific to our OpenStack Identity service, so we create this as follows:
4) We then need to configure the OpenStack Identity service to use this database by editing the /etc/keystone/keystone.conf file, and then change the sql_connection line to match the database credentials. We do this as follows:
5) A super-user admin token resides in the /etc/keystone/keystone.conf file. To configure this we do the following:
6) As of the Grizzly release, Keystone supports PKI infrastructure to cryptographically sign the tokens. To disable this feature for now, we edit the /etc/keystone/keystone.conf file to use non-
7) We can now restart the keystone service with the help of the following commands:
sudo stop keystone
sudo start keystone
8) With Keystone already started, we can now populate the keystone database with the required tables by issuing the following command:
sudo keystone-manage db_sync
Hurray! We now have the OpenStack Identity service installed and ready to use in our OpenStack environment.
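Steps 4 and 5 as a single function, added here as an example (not code from the original article): it sets the database connection line and the admin token in keystone.conf, refuses short guessable tokens, and restricts the file mode because the file then holds two secrets. The function names and the assumed layout of the config lines are assumptions; run it before the restart in step 7.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# Assumptions: keystone.conf has a "connection = ..." (or "sql_connection = ...")
# line and a commented "# admin_token = ADMIN" default; names below are ours.

# gen_admin_token: print 32 hex characters read from the kernel CSPRNG.
gen_admin_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# configure_keystone CONF DB_USER DB_PASS DB_HOST TOKEN
# Points Keystone at the MySQL keystone database, sets the admin token, and
# restricts the file mode because the file now holds two secrets.
configure_keystone() {
    local conf=$1 user=$2 pass=$3 host=$4 token=$5 tmp
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    # Refuse short, guessable tokens such as the packaged default.
    [ "${#token}" -ge 32 ] || { echo "admin token too short" >&2; return 1; }
    # These characters would change the meaning of the sed expressions below.
    case "$user$pass$host$token" in
        *[\|\&\\]*) echo "unsupported character in value" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
    sed -e "s|^\(\(sql_\)\{0,1\}connection\)[ =].*|\1 = mysql://${user}:${pass}@${host}/keystone|" \
        -e "s|^#\{0,1\} *admin_token[ =].*|admin_token = ${token}|" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and inode
    rm -f "$tmp"
    chmod 640 "$conf"
    # Succeed only if both settings are really present afterwards.
    grep -q "connection = mysql://${user}:${pass}@${host}/keystone\$" "$conf" &&
        grep -q "^admin_token = ${token}\$" "$conf"
}
```

On the controller this would be called with sudo rights as `configure_keystone /etc/keystone/keystone.conf <db user> <db password> 172.16.0.200 "$(gen_admin_token)"`, using the dedicated database user from step 3.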
How it works…
A convenient way to install the OpenStack Identity service, ready for instant use in our OpenStack environment, is by using the Ubuntu packages. Once installed, we configure our MySQL database server with a keystone database and set up the keystone.conf configuration file to use this. After starting the Keystone service, running the keystone-manage db_sync command populates the keystone database with the appropriate tables, ready for us to add the users, roles, and tenants required in our OpenStack environment.