Chef Cookbook - OpenStack Identity


OpenStack Chef Cookbook - identity



This cookbook installs the OpenStack Identity Service (Keystone) as part of the OpenStack reference deployment, Chef for OpenStack. The OpenStack chef-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Keystone is installed from packages, and the cookbook creates the default user, tenant, and roles. It also registers the identity service and identity endpoint.


  • Chef 16 or higher
  • Chef Workstation 21.10.640 for testing (also includes Berkshelf for cookbook dependency resolution)


  • ubuntu
  • redhat
  • centos


The following cookbooks are dependencies:

  • 'apache2', '~> 8.6'
  • 'openstack-common', '>= 20.0.0'
  • 'openstackclient'


Please see the extensive inline documentation in attributes/*.rb for descriptions of all the settable attributes for this cookbook.

Note that all attributes are in the default['openstack'] "namespace".

The usage of attributes to generate the keystone.conf is described in the openstack-common cookbook.



  • Manage the cloud config file located at /root/clouds.yaml


  • Helper recipe to manage credential keys.

If you prefer, you can manually create the keys by doing the following:

$ keystone-manage credential_setup \
  --keystone-user keystone --keystone-group keystone

This should create a directory /etc/keystone/credential-keys with the keys residing in it.
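
After creating the keys, it is worth confirming that the repository is readable only by the keystone account. The following is an added example, not part of this cookbook: the function names `check_meta` and `audit_key_repo` are hypothetical, and it assumes GNU `stat`, Fernet-format keys in files named by integer index, and a policy of no group or other access.

```shell
#!/bin/sh
# Added example, not part of the cookbook: audit a Keystone key repository.
# Assumptions: GNU stat; keys are Fernet keys (32 bytes, stored as 44
# URL-safe base64 characters) in files named by integer index (0, 1, ...).
# The permission policy (no group/other access) is this example's choice.

# Report wrong ownership or any group/other permission bit on one path.
check_meta() {
  local path="$1" want="$2" mode bad=0
  mode=$(stat -c '%a' "$path")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: $path mode $mode grants group/other access"; bad=1
  fi
  if [ "$(stat -c '%U:%G' "$path")" != "$want" ]; then
    echo "FAIL: $path is not owned by $want"; bad=1
  fi
  return "$bad"
}

# Usage: audit_key_repo DIR [USER] [GROUP]; returns 0 only if all checks pass.
audit_key_repo() {
  local dir="$1" want="${2:-keystone}:${3:-keystone}" rc=0 count=0 f key body
  [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
  check_meta "$dir" "$want" || rc=1
  for f in "$dir"/*; do
    [ -e "$f" ] || continue
    count=$((count + 1))
    case "${f##*/}" in
      *[!0-9]*) echo "FAIL: unexpected file $f"; rc=1; continue ;;
    esac
    check_meta "$f" "$want" || rc=1
    key=$(cat "$f")        # key material is validated, never printed
    body=${key%=}          # 32 bytes encode to 43 characters plus one '='
    case "$body" in *[!A-Za-z0-9_-]*) body="" ;; esac
    if [ "${#key}" -ne 44 ] || [ "${#body}" -ne 43 ]; then
      echo "FAIL: $f is not a 44-character Fernet key"; rc=1
    fi
  done
  [ "$count" -gt 0 ] || { echo "FAIL: no keys found in $dir"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $count key(s) in $dir pass"
  return "$rc"
}
```

Run it as root with `audit_key_repo /etc/keystone/credential-keys`; the user and group default to keystone, matching the command above.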


  • Helper recipe to manage fernet tokens


  • Creates a fully usable openrc file to export the needed environment variables to use the openstack client.


  • Registers the initial keystone endpoint as well as users, tenants and roles needed for the initial configuration utilizing the custom resource provided in the openstackclient cookbook. The recipe is documented in detail with inline comments inside the recipe.


  • Installs and configures the OpenStack Identity Service running inside of an apache webserver. The recipe is documented in detail with inline comments inside the recipe.

License and Author

Author Justin Shepherd (
Author Jason Cannavale (
Author Ron Pedde (
Author Joseph Breu (
Author William Kelly (
Author Darren Birkett (
Author Evan Callicoat (
Author Matt Ray (
Author Jay Pipes (
Author John Dewey (
Author Sean Gallagher (
Author Ionut Artarisi (
Author Chen Zhiwei (
Author Eric Zhou (
Author Jan Klare (
Author Christoph Albers (
Author Lance Albertson (
Copyright Copyright 2012, Rackspace US, Inc.
Copyright Copyright 2012-2013, Opscode, Inc.
Copyright Copyright 2012-2013, AT&T Services, Inc.
Copyright Copyright 2013-2014, SUSE Linux GmbH
Copyright Copyright 2013-2014, IBM, Corp.
Copyright Copyright 2016-2021, Oregon State University

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.