Defining Roles and Users in the Identity Service (Keystone)

Before you begin, ensure that the OpenStack Compute and Image services are installed and that all databases are connected before configuring the Identity Service endpoints. Next, add the default tenant, an administrator, roles, and users to get a working installation started. The initial tenant, username, and password are openstackdemo, admin, and secretword.

First, add two tenants, one named openstackDemo and one named adminTenant.

    sudo keystone-manage tenant add openstackDemo
    sudo keystone-manage tenant add adminTenant

In return for these commands, you should see a SUCCESS message, such as:

    SUCCESS: Tenant openstackDemo created.

Now, add users and assign their passwords.

    sudo keystone-manage user add adminUser secretword
    sudo keystone-manage user add demoUser secretword

Now add an invented token (any combination of numbers and letters will do) to the admin user for the openstackdemo tenant, and make sure an expiration date is assigned. This one expires in about four years.

    sudo keystone-manage token add 11121314151617181920 adminUser adminTenant 2015-02-05T00:0

If you see an error like "Creating a token requires a token id, user, tenant, and expiration", you are probably missing the expiration date.

Create the Admin role and the Member role.

    sudo keystone-manage role add Admin
    sudo keystone-manage role add Member

Grant the Admin role to the admin user and then grant the Member role to the demo user.

    sudo keystone-manage role grant Admin adminUser
    sudo keystone-manage role grant Member demoUser

Grant the Admin role to the adminUser user for the openstackDemo and adminTenant tenants. Grant the Member role to the demoUser for the openstackDemo tenant.

    sudo keystone-manage role grant Admin adminUser openstackDemo
    sudo keystone-manage role grant Admin adminUser adminTenant
    sudo keystone-manage role grant Member demoUser openstackDemo
Define Services and Endpoints

Now that all your starter tenants, users, and roles have been created, let's move on to endpoints. First add all the services you want the Identity Service to be connected with. Here is an example that registers all the services used in this guide. You may see an IntegrityError when using the Manage IT packages and issuing these commands.

    sudo keystone-manage service add nova compute "Nova Compute Service"
    sudo keystone-manage service add glance image "Glance Image Service"
    sudo keystone-manage service add keystone identity "Keystone Identity Service"

Now add endpoint templates for each of these now-named services; a template combines the IP addresses, port values, and API version number into an entire endpoint.

    sudo keystone-manage endpointTemplates add RegionOne nova http://192.168.206.130:8774/v1.1/%tenant_id% http://192.168.206.130:8774/v1.1/%tenant_id% http://192.168.206.130:8774/v1.1/%tenant_id% 1 1
    sudo keystone-manage endpointTemplates add RegionOne glance http://192.168.206.130:9292/v1 http://192.168.206.130:9292/v1 http://192.168.206.130:9292/v1 1 1
    sudo keystone-manage endpointTemplates add RegionOne keystone http://192.168.206.130:5000/v2.0 http://192.168.206.130:35357/v2.0 http://192.168.206.130:5000/v2.0 1 1

Optionally, you can add EC2 credentials to the Identity Service for any commands you may want to use euca2ools for.

    sudo keystone-manage credentials add adminUser EC2 'secretword' adminTenant
    sudo keystone-manage credentials add demoUser EC2 'secretword' openstackDemo

The Identity Service, Keystone, is now configured and ready to accept requests.
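As an added example (not from the original documentation or from Keystone), a small Python checker for the argument strings handed to the "token add" and "endpointTemplates add" commands above: it catches a truncated or already-passed expiration, a weak bootstrap token id, a nova template missing the %tenant_id% placeholder, and a keystone template whose admin URL is the public URL. It assumes the expiration format is YYYY-MM-DDTHH:MM and that the template arguments are region, service, public URL, admin URL, internal URL, then the enabled and global flags.

```python
"""Sanity-check arguments for the keystone-manage commands used on this page.

Added example, not part of the original documentation or of Keystone: it does
not run keystone-manage, it checks the 'token add' and 'endpointTemplates add'
argument strings before they are issued. Assumes expiration is YYYY-MM-DDTHH:MM.
"""
import re
from datetime import datetime
from urllib.parse import urlparse

EXPIRES_FMT = "%Y-%m-%dT%H:%M"                             # assumed CLI format
EXPIRES_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}")  # strict: full minutes


def check_token_args(token_id, user, tenant, expires, now=None):
    """Return the problems found with a 'token add' argument list."""
    now = now or datetime.now()
    if not all((token_id, user, tenant, expires)):
        # Same condition the CLI reports, quoted in the text above.
        return ["token add requires a token id, user, tenant, and expiration"]
    problems = []
    try:
        if not EXPIRES_RE.fullmatch(expires):  # strptime alone accepts '00:0'
            raise ValueError
        exp = datetime.strptime(expires, EXPIRES_FMT)
    except ValueError:
        problems.append("expiration %r is not of the form YYYY-MM-DDTHH:MM" % expires)
    else:
        if exp <= now:
            problems.append("expiration %s is already in the past" % expires)
    # The token is an admin bearer secret: insist on length and a mixed charset.
    if len(token_id) < 20 or token_id.isdigit() or token_id.isalpha():
        problems.append("token id should be 20+ characters mixing letters and digits")
    return problems


# Assumed positional order: region service public admin internal enabled is_global
def check_endpoint_template(region, service, public, admin, internal, enabled, is_global):
    """Return the problems found with an 'endpointTemplates add' argument list."""
    problems = []
    for name, url in (("public", public), ("admin", admin), ("internal", internal)):
        parts = urlparse(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append("%s URL %r is not an http(s) URL" % (name, url))
    if service == "nova" and "%tenant_id%" not in public:
        problems.append("nova public URL lacks the %tenant_id% placeholder")
    if service == "keystone" and admin == public:
        problems.append("keystone admin URL should not be the public URL")
    return problems
```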