Chef Cookbook - OpenStack Identity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Zuul c8a2a909b0 Merge "Drop admin endpoints" 2 weeks ago
.delivery Add delivery config 1 year ago
attributes Drop admin endpoints 1 month ago
recipes Drop admin endpoints 1 month ago
spec Drop admin endpoints 1 month ago
templates/default Drop admin endpoints 1 month ago
.gitignore add a Rakefile to structure test runs 4 years ago
.gitreview OpenDev Migration Patch 1 month ago
.rubocop.yml Initial kilo updates 4 years ago
.rubocop_todo.yml starting rocky development patch 9 months ago
.zuul.yaml Rename openstack-chef-repo references to openstack-chef 9 months ago
Berksfile starting rocky development patch 9 months ago Workflow documentation is now in infra-manual 4 years ago
LICENSE identity refactor for Pike and Chef 13 1 year ago Update the URL in 8 months ago
Rakefile identity refactor for Pike and Chef 13 1 year ago Sync stackforge/cookbook* to openstack/cookbook* for keystone cookbook 3 years ago Fix 3 years ago
metadata.rb Merge "Pin apache2 cookbook to 5.0.1" 5 months ago

Team and repository tags

Team and repository tags

Chef OpenStack Logo


This cookbook installs the OpenStack Identity Service Keystone as part of the OpenStack reference deployment Chef for OpenStack. The contains documentation for using this cookbook in the context of a full OpenStack deployment. Keystone is installed from packages, creating the default user, tenant, and roles. It also registers the identity service and identity endpoint.


  • Chef 12 or higher
  • chefdk 0.9.0 for testing (also includes berkshelf for cookbook dependency resolution)


  • ubuntu
  • redhat
  • centos


The following cookbooks are dependencies:

  • ‘apache2’, ‘~> 3.1’
  • ‘openstack-common’, ‘>= 14.0.0’
  • ‘openstackclient’, ‘>= 0.1.0’


Please see the extensive inline documentation in attributes/*.rb for descriptions of all the settable attributes for this cookbook.

Note that all attributes are in the default['openstack'] “namespace”

The usage of attributes to generate the keystone.conf is decribed in the openstack-common cookbook.



  • Installs the packages require to use keystone client.


  • Creates a fully usable openrc file to export the needed environment variables to use the openstack client.


  • Registers the initial keystone endpoint as well as users, tenants and roles needed for the initial configuration utilizing the LWRP provided inside of this cookbook. The recipe is documented in detail with inline comments inside the recipe.


  • Installs and configures the OpenStack Identity Service running inside of an apache webserver. The recipe is documented in detail with inline comments inside the recipe.

License and Author

Author:: Justin Shepherd ( Author:: Jason Cannavale ( Author:: Ron Pedde ( Author:: Joseph Breu ( Author:: William Kelly ( Author:: Darren Birkett ( Author:: Evan Callicoat ( Author:: Matt Ray ( Author:: Jay Pipes ( Author:: John Dewey ( Author:: Sean Gallagher ( Author:: Ionut Artarisi ( Author:: Chen Zhiwei ( Author:: Eric Zhou ( Author:: Jan Klare ( Author:: Christoph Albers (

Copyright 2012, Rackspace US, Inc. Copyright 2012-2013, Opscode, Inc. Copyright 2012-2013, AT&T Services, Inc. Copyright 2013-2014, SUSE Linux GmbH Copyright 2013-2014, IBM, Corp.

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.