openstack/openstack-manuals
Code Issues Proposed changes

Merge "Install: Keystone updates for Mitaka"

Browse Source
This commit is contained in:
Jenkins 2016-02-16 19:57:26 +00:00 committed by Gerrit Code Review
commit f6282da95c
4 changed files with 50 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/install-guide/source/keystone-install.rst
View File

@ -5,8 +5,8 @@ Install and configure
This section describes how to install and configure the OpenStack This section describes how to install and configure the OpenStack
Identity service, code-named keystone, on the controller node. For Identity service, code-named keystone, on the controller node. For
performance, this configuration deploys the Apache HTTP server to handle performance, this configuration deploys Fernet tokens and the Apache
requests and Memcached to store tokens instead of an SQL database. HTTP server to handle requests.
.. only:: obs or rdo or ubuntu .. only:: obs or rdo or ubuntu
@ -59,7 +59,7 @@ requests and Memcached to store tokens instead of an SQL database.
.. include:: shared/note_configuration_vary_by_distribution.rst .. include:: shared/note_configuration_vary_by_distribution.rst
.. note:: .. note::
In Kilo and Liberty releases, the keystone project deprecates eventlet In Kilo and newer releases, the keystone project deprecates eventlet
in favor of a separate web server with WSGI extensions. This guide uses in favor of a separate web server with WSGI extensions. This guide uses
the Apache HTTP server with ``mod_wsgi`` to serve Identity service the Apache HTTP server with ``mod_wsgi`` to serve Identity service
requests on port 5000 and 35357. By default, the keystone service requests on port 5000 and 35357. By default, the keystone service
@ -82,8 +82,7 @@ requests and Memcached to store tokens instead of an SQL database.
.. code-block:: console .. code-block:: console
# apt-get install keystone apache2 libapache2-mod-wsgi \ # apt-get install keystone apache2 libapache2-mod-wsgi
memcached python-memcache
.. only:: obs or rdo .. only:: obs or rdo
@ -93,25 +92,13 @@ requests and Memcached to store tokens instead of an SQL database.
.. code-block:: console .. code-block:: console
# yum install openstack-keystone httpd mod_wsgi \ # yum install openstack-keystone httpd mod_wsgi
memcached python-memcached
.. only:: obs .. only:: obs
.. code-block:: console .. code-block:: console
# zypper install openstack-keystone apache2-mod_wsgi \ # zypper install openstack-keystone apache2-mod_wsgi
memcached python-python-memcached
.. only:: obs or rdo
2. Start the Memcached service and configure it to start when the system
boots:
.. code-block:: console
# systemctl enable memcached.service
# systemctl start memcached.service
.. only:: obs or rdo or ubuntu .. only:: obs or rdo or ubuntu
@ -140,23 +127,13 @@ requests and Memcached to store tokens instead of an SQL database.
Replace ``KEYSTONE_DBPASS`` with the password you chose for the database. Replace ``KEYSTONE_DBPASS`` with the password you chose for the database.
* In the ``[memcache]`` section, configure the Memcached service: * In the ``[token]`` section, configure the Fernet token provider:
.. code-block:: ini
[memcache]
...
servers = localhost:11211
* In the ``[token]`` section, configure the UUID token provider and
Memcached driver:
.. code-block:: ini .. code-block:: ini
[token] [token]
... ...
provider = uuid provider = fernet
driver = memcache
* In the ``[revoke]`` section, configure the SQL revocation driver: * In the ``[revoke]`` section, configure the SQL revocation driver:
@ -183,6 +160,12 @@ requests and Memcached to store tokens instead of an SQL database.
# su -s /bin/sh -c "keystone-manage db_sync" keystone # su -s /bin/sh -c "keystone-manage db_sync" keystone
5. Initialize Fernet keys:
.. code-block:: console
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
.. only:: debian .. only:: debian
Install and configure the components Install and configure the components
@ -336,7 +319,6 @@ requests and Memcached to store tokens instead of an SQL database.
.. image:: figures/debconf-screenshots/keystone_7_register_endpoint.png .. image:: figures/debconf-screenshots/keystone_7_register_endpoint.png
.. only:: obs or rdo or ubuntu .. only:: obs or rdo or ubuntu
Configure the Apache HTTP server Configure the Apache HTTP server

18
doc/install-guide/source/keystone-openrc.rst
View File

@ -24,7 +24,6 @@ scripts to load appropriate credentials for client operations.
export OS_PROJECT_DOMAIN_ID=default export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3 export OS_AUTH_URL=http://controller:35357/v3
@ -40,7 +39,6 @@ scripts to load appropriate credentials for client operations.
export OS_PROJECT_DOMAIN_ID=default export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3 export OS_AUTH_URL=http://controller:5000/v3
@ -69,11 +67,13 @@ For example:
.. code-block:: console .. code-block:: console
$ openstack token issue $ openstack token issue
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| Field | Value | | Field | Value |
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| expires | 2015-03-25T01:45:49.950092Z | | expires | 2016-02-12T20:44:35.659723Z |
| id | cd4110152ac24bdeaa82e1443c910c36 | | id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| project_id | cf12a15c5ea84b019aec3dc45580896b | | | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| user_id | 4d411f2291f34941b30eef9bd797505a | | | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
+------------+----------------------------------+ | project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+

16
doc/install-guide/source/keystone-services.rst
View File

@ -122,7 +122,7 @@ Create the service entity and API endpoints
.. code-block:: console .. code-block:: console
$ openstack endpoint create --region RegionOne \ $ openstack endpoint create --region RegionOne \
identity public http://controller:5000/v2.0 identity public http://controller:5000/v3
+--------------+----------------------------------+ +--------------+----------------------------------+
| Field | Value | | Field | Value |
+--------------+----------------------------------+ +--------------+----------------------------------+
@ -134,11 +134,11 @@ Create the service entity and API endpoints
| service_id | 8c8c0927262a45ad9066cfe70d46892c | | service_id | 8c8c0927262a45ad9066cfe70d46892c |
| service_name | keystone | | service_name | keystone |
| service_type | identity | | service_type | identity |
| url | http://controller:5000/v2.0 | | url | http://controller:5000/v3 |
+--------------+----------------------------------+ +--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \ $ openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v2.0 identity internal http://controller:5000/v3
+--------------+----------------------------------+ +--------------+----------------------------------+
| Field | Value | | Field | Value |
+--------------+----------------------------------+ +--------------+----------------------------------+
@ -150,11 +150,11 @@ Create the service entity and API endpoints
| service_id | 6f8de927262ac12f6066cfe70d99ac51 | | service_id | 6f8de927262ac12f6066cfe70d99ac51 |
| service_name | keystone | | service_name | keystone |
| service_type | identity | | service_type | identity |
| url | http://controller:5000/v2.0 | | url | http://controller:5000/v3 |
+--------------+----------------------------------+ +--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \ $ openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v2.0 identity admin http://controller:35357/v3
+--------------+----------------------------------+ +--------------+----------------------------------+
| Field | Value | | Field | Value |
+--------------+----------------------------------+ +--------------+----------------------------------+
@ -166,7 +166,7 @@ Create the service entity and API endpoints
| service_id | 34ab3d27262ac449cba6cfe704dbc11f | | service_id | 34ab3d27262ac449cba6cfe704dbc11f |
| service_name | keystone | | service_name | keystone |
| service_type | identity | | service_type | identity |
| url | http://controller:35357/v2.0 | | url | http://controller:35357/v3 |
+--------------+----------------------------------+ +--------------+----------------------------------+
.. note:: .. note::
@ -174,7 +174,3 @@ Create the service entity and API endpoints
Each service that you add to your OpenStack environment requires one Each service that you add to your OpenStack environment requires one
or more service entities and three API endpoint variants in the Identity or more service entities and three API endpoint variants in the Identity
service. service.
.. note::
Services can access the v3 API using the v2.0 URL.

32
doc/install-guide/source/keystone-verify.rst
View File

@ -38,14 +38,16 @@ services.
--os-project-domain-id default --os-user-domain-id default \ --os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin token issue --os-project-name admin --os-username admin token issue
Password: Password:
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| Field | Value | | Field | Value |
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| expires | 2015-03-24T18:55:01Z | | expires | 2016-02-12T20:14:07.056119Z |
| id | ff5ed908984c4a4190f584d826d75fed | | id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| project_id | cf12a15c5ea84b019aec3dc45580896b | | | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| user_id | 4d411f2291f34941b30eef9bd797505a | | | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
+------------+----------------------------------+ | project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
.. note:: .. note::
@ -59,14 +61,16 @@ services.
--os-project-domain-id default --os-user-domain-id default \ --os-project-domain-id default --os-user-domain-id default \
--os-project-name demo --os-username demo token issue --os-project-name demo --os-username demo token issue
Password: Password:
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| Field | Value | | Field | Value |
+------------+----------------------------------+ +------------+-----------------------------------------------------------------+
| expires | 2014-10-10T12:51:33Z | | expires | 2016-02-12T20:15:39.014479Z |
| id | 1b87ceae9e08411ba4a16e4dada04802 | | id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| project_id | 4aa51bb942be4dd0ac0555d7591f80a6 | | | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| user_id | 7004dfa0dda84d63aef81cf7f100af01 | | | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
+------------+----------------------------------+ | project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
.. note:: .. note::