The Identity Service also tracks what OpenStack services are installed and where to locate them on the network. For each service on your OpenStack installation, you must call keystone service-create to describe the service and keystone endpoint-create to specify the API endpoints associated with the service. For now, create a service for the Identity Service itself. This will allow you to stop using the authorization token and instead use normal authentication when using the keystone command in the future. First, create a service entry for the Identity Service. # keystone service-create --name=keystone --type=identity \ --description="Keystone Identity Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | 15c11a23667e427e91bc31335b45f4bd | | name | keystone | | type | identity | +-------------+----------------------------------+ The service id is randomly generated, and will be different from the one shown above when you run the command. Next, specify an API endpoint for the Identity Service using the service id you received. When you specify an endpoint, you provide three URLs for the public API, the internal API, and the admin API. In this guide, we use the hostname controller. Note that the Identity Service uses a different port for the admin API. # keystone endpoint-create \ --service-id=the_service_id_above \ --publicurl=http://controller:5000/v2.0 \ --internalurl=http://controller:5000/v2.0 \ --adminurl=http://controller:35357/v2.0 +-------------+-----------------------------------+ | Property | Value | +-------------+-----------------------------------+ | adminurl | http://controller:35357/v2.0 | | id | 11f9c625a3b94a3f8e66bf4e5de2679f | | internalurl | http://controller:5000/v2.0 | | publicurl | http://controller:5000/v2.0 | | region | regionOne | | service_id | 15c11a23667e427e91bc31335b45f4bd | +-------------+-----------------------------------+ As you add other services to your OpenStack installation, you will call these commands again to register those services with the Identity Service.