OpenStack Installation

This section describes how to install and configure the OpenStack Identity service on the controller node.

Prerequisites

Before you configure the OpenStack Identity service, you must create a database and an administration token.

-To create the database, complete the following actions:

Use the database access client to connect to the database server as the root user:

$ mysql -u root -p

Create the keystone database:

CREATE DATABASE keystone;

Grant proper access to the keystone database:

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

IDENTIFIED BY 'KEYSTONE_DBPASS'; Replace KEYSTONE_DBPASS with a suitable password.Exit the database access client.

Generate a random value to use as the administration token during initial configuration:

Interested in mastering OpenStack Training? Enroll now for FREE demo on OpenStack Training.

# openssl rand -hex 10

To install and configure the components

Run the following command to install the packages:

# apt-get install keystone python-keystoneclient

Edit the /etc/keystone/keystone.conf file and complete the following actions:

-In the [DEFAULT] section, define the value of the initial administration token:

[DEFAULT]

...

admin_token = ADMIN_TOKEN

Replace ADMIN_TOKEN with the random value that you generated in a previous step.

-In the [database] section, configure database access:

[database]

...

connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

 Replace KEYSTONE_DBPASS with the password you chose for the database.

-In the [token] section, configure the UUID token provider and SQL driver:

[token]

...

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

-In the [revoke] section, configure the SQL revocation driver:

[revoke]

...

driver = keystone.contrib.revoke.backends.sql.Revoke

(Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

[DEFAULT]

...

verbose = True

Populate the Identity service database:

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Learn more about OpenStack Interview Questions in this blog post.