Installing and Configuring the Identity Service
Install the Identity service:
sudo apt-get install keystone
Install curl, a command-line tool for running REST API
requests:
sudo apt-get install curl
After installation, delete the SQLite database that the package
creates, then change the configuration to point to the MySQL
database.
Delete the keystone.db file created in the
/var/lib/keystone/ directory.
sudo rm /var/lib/keystone/keystone.db
Configure the production-ready backend data store. For
Compute you must use a SQLAlchemy-compatible database, such as
MySQL or PostgreSQL. This example shows MySQL.
First, install MySQL with:
sudo apt-get install python-mysqldb mysql-server
During the install, you are prompted for the MySQL root
password. Enter a password of your choice and verify it.
Edit /etc/mysql/my.cnf to change "bind-address" from
localhost (127.0.0.1) to any (0.0.0.0), so that MySQL listens on
all network interfaces, and restart the MySQL service:
sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
sudo service mysql restart
For MySQL, create a MySQL database named "keystone" and a
MySQL user named "keystone". Grant the "keystone" user full
access to the "keystone" MySQL database.
Start the mysql command line client by running:
mysql -u root -p
Enter the MySQL root user's password when prompted.
To configure the MySQL database, create the keystone database.
mysql> CREATE DATABASE keystone;
Create a MySQL user for the newly-created keystone database that
has full control of the database.
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'yourpassword';
Enter quit at the mysql> prompt to exit MySQL.
mysql> quit
Edit /etc/keystone/keystone.conf to set sql_connection so that
it uses the backend data store you just created. Ensure that the
file is owned by root and that its mode is set to 0640, since it
contains your MySQL password. (Leave "default_store" set to sqlite, however.)
sudo nano /etc/keystone/keystone.conf
sudo chown keystone:root /etc/keystone/keystone.conf
sudo chmod 0640 /etc/keystone/keystone.conf
Here is an example section:
[keystone.backends.sqlalchemy]
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://bit.ly/ideIpI
sql_connection = mysql://keystone:yourpassword@192.168.206.130/keystone
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
'User', 'Credentials', 'EndpointTemplates', 'Token',
'Service']
Edit /etc/keystone/keystone.conf to use the IP address and
ports for your environment. Here is an example keystone.conf. Ensure that the ports for keystone are correct: the default keystone auth port changed from 5001 to 35357,
but the packages install a conf file with 5001 for the auth_port setting.
Restart the Identity Service.
sudo service keystone restart
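The checks described above (mode 0640 on the file that holds the MySQL password, a MySQL sql_connection, and the auth_port value) can be scripted. This is an added example, not code from this guide or from keystone; the function name check_keystone_conf and the sample file contents are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the keystone project). check_keystone_conf is a
# hypothetical helper name. Assumes GNU stat, as shipped with Ubuntu.
check_keystone_conf() {
    conf=$1
    rc=0
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 2; }

    # The file holds the MySQL password, so the mode must be exactly 0640.
    mode=$(stat -c '%a' "$conf")
    if [ "$mode" != "640" ]; then
        echo "FAIL: mode is $mode, expected 640"
        rc=1
    fi

    # Take the last sql_connection value; it must be a mysql:// URL,
    # not the SQLite database created by the package.
    conn=$(sed -n 's/^[[:space:]]*sql_connection[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    case $conn in
        mysql://*) ;;
        *) echo "FAIL: sql_connection is not a mysql:// URL"; rc=1 ;;
    esac

    # The placeholder password from the example must have been replaced.
    case $conn in
        *:yourpassword@*) echo "FAIL: placeholder password in sql_connection"; rc=1 ;;
    esac

    # The packaged conf file still carries the old auth port.
    if grep -Eq '^[[:space:]]*auth_port[[:space:]]*=[[:space:]]*5001[[:space:]]*$' "$conf"; then
        echo "FAIL: auth_port is 5001, expected 35357"
        rc=1
    fi
    return $rc
}

# Constructed sample resembling an unedited packaged file (values invented).
demo=$(mktemp)
printf '%s\n' 'auth_port = 5001' \
    'sql_connection = sqlite:////var/lib/keystone/keystone.db' > "$demo"
chmod 0644 "$demo"
check_keystone_conf "$demo" || echo "audit exit status: $?"
rm -f "$demo"
```

On a deployed host, call check_keystone_conf /etc/keystone/keystone.conf from an account that can read the file.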
Next, you configure the Identity Service by defining roles and
users.