openstack/openstack-manuals
Code Issues Proposed changes

Merge "Install: Keystone updates for Mitaka"

Browse Source
This commit is contained in:
Jenkins 2016-02-16 19:57:26 +00:00 committed by Gerrit Code Review
commit f6282da95c
4 changed files with 50 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/install-guide/source/keystone-install.rst
View File

@ -5,8 +5,8 @@ Install and configure
This section describes how to install and configure the OpenStack
Identity service, code-named keystone, on the controller node. For
performance, this configuration deploys the Apache HTTP server to handle
requests and Memcached to store tokens instead of an SQL database.
performance, this configuration deploys Fernet tokens and the Apache
HTTP server to handle requests.
.. only:: obs or rdo or ubuntu
@ -59,7 +59,7 @@ requests and Memcached to store tokens instead of an SQL database.
.. include:: shared/note_configuration_vary_by_distribution.rst
.. note::
In Kilo and Liberty releases, the keystone project deprecates eventlet
In Kilo and newer releases, the keystone project deprecates eventlet
in favor of a separate web server with WSGI extensions. This guide uses
the Apache HTTP server with ``mod_wsgi`` to serve Identity service
requests on port 5000 and 35357. By default, the keystone service
@ -82,8 +82,7 @@ requests and Memcached to store tokens instead of an SQL database.
.. code-block:: console
# apt-get install keystone apache2 libapache2-mod-wsgi \
memcached python-memcache
# apt-get install keystone apache2 libapache2-mod-wsgi
.. only:: obs or rdo
@ -93,25 +92,13 @@ requests and Memcached to store tokens instead of an SQL database.
.. code-block:: console
# yum install openstack-keystone httpd mod_wsgi \
memcached python-memcached
# yum install openstack-keystone httpd mod_wsgi
.. only:: obs
.. code-block:: console
# zypper install openstack-keystone apache2-mod_wsgi \
memcached python-python-memcached
.. only:: obs or rdo
2. Start the Memcached service and configure it to start when the system
boots:
.. code-block:: console
# systemctl enable memcached.service
# systemctl start memcached.service
# zypper install openstack-keystone apache2-mod_wsgi
.. only:: obs or rdo or ubuntu
@ -140,23 +127,13 @@ requests and Memcached to store tokens instead of an SQL database.
Replace ``KEYSTONE_DBPASS`` with the password you chose for the database.
* In the ``[memcache]`` section, configure the Memcached service:
.. code-block:: ini
[memcache]
...
servers = localhost:11211
* In the ``[token]`` section, configure the UUID token provider and
Memcached driver:
* In the ``[token]`` section, configure the Fernet token provider:
.. code-block:: ini
[token]
...
provider = uuid
driver = memcache
provider = fernet
* In the ``[revoke]`` section, configure the SQL revocation driver:
@ -183,6 +160,12 @@ requests and Memcached to store tokens instead of an SQL database.
# su -s /bin/sh -c "keystone-manage db_sync" keystone
5. Initialize Fernet keys:
.. code-block:: console
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
.. only:: debian
Install and configure the components
@ -336,7 +319,6 @@ requests and Memcached to store tokens instead of an SQL database.
.. image:: figures/debconf-screenshots/keystone_7_register_endpoint.png
.. only:: obs or rdo or ubuntu
Configure the Apache HTTP server

20
doc/install-guide/source/keystone-openrc.rst
View File

@ -24,7 +24,6 @@ scripts to load appropriate credentials for client operations.
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
@ -40,7 +39,6 @@ scripts to load appropriate credentials for client operations.
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
@ -69,11 +67,13 @@ For example:
.. code-block:: console
$ openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-03-25T01:45:49.950092Z |
| id | cd4110152ac24bdeaa82e1443c910c36 |
| project_id | cf12a15c5ea84b019aec3dc45580896b |
| user_id | 4d411f2291f34941b30eef9bd797505a |
+------------+----------------------------------+
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:44:35.659723Z |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+

16
doc/install-guide/source/keystone-services.rst
View File

@ -122,7 +122,7 @@ Create the service entity and API endpoints
.. code-block:: console
$ openstack endpoint create --region RegionOne \
identity public http://controller:5000/v2.0
identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
@ -134,11 +134,11 @@ Create the service entity and API endpoints
| service_id | 8c8c0927262a45ad9066cfe70d46892c |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v2.0 |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v2.0
identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
@ -150,11 +150,11 @@ Create the service entity and API endpoints
| service_id | 6f8de927262ac12f6066cfe70d99ac51 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v2.0 |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v2.0
identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
@ -166,7 +166,7 @@ Create the service entity and API endpoints
| service_id | 34ab3d27262ac449cba6cfe704dbc11f |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v2.0 |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
.. note::
@ -174,7 +174,3 @@ Create the service entity and API endpoints
Each service that you add to your OpenStack environment requires one
or more service entities and three API endpoint variants in the Identity
service.
.. note::
Services can access the v3 API using the v2.0 URL.

36
doc/install-guide/source/keystone-verify.rst
View File

@ -38,14 +38,16 @@ services.
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin token issue
Password:
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-03-24T18:55:01Z |
| id | ff5ed908984c4a4190f584d826d75fed |
| project_id | cf12a15c5ea84b019aec3dc45580896b |
| user_id | 4d411f2291f34941b30eef9bd797505a |
+------------+----------------------------------+
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
.. note::
@ -59,14 +61,16 @@ services.
--os-project-domain-id default --os-user-domain-id default \
--os-project-name demo --os-username demo token issue
Password:
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2014-10-10T12:51:33Z |
| id | 1b87ceae9e08411ba4a16e4dada04802 |
| project_id | 4aa51bb942be4dd0ac0555d7591f80a6 |
| user_id | 7004dfa0dda84d63aef81cf7f100af01 |
+------------+----------------------------------+
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
.. note::