openstack/openstack-manuals
Code Issues Proposed changes
openstack-manuals/doc/install-guide/source/keystone-verify.rst
Matthew Kassawara c054a422a2 [install] Liberty updates for keystone 
Update keystone configuration for Liberty and address some
consistency issues.

Changes and testing specific to distribution packages
primarily involve Ubuntu. Other distributions may require
additional patches.

Change-Id: I1ff8c1831b0bff407b7dd7af8c8a9b33d6a89284
Implements: blueprint installguide-liberty
2015-10-02 18:13:51 -05:00

2.6 KiB
Raw Blame History

Verify operation

Verify operation of the Identity service before installing other services.

obs or ubuntu

  1. For security reasons, disable the temporary authentication token mechanism:

    Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

rdo

  1. For security reasons, disable the temporary authentication token mechanism:

    Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

  1. Unset the temporary OS_TOKEN and OS_URL environment variables:

    $ unset OS_TOKEN OS_URL

  2. As the admin user, request an authentication token:

    $ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-id default --os-user-domain-id default \
  --os-project-name admin --os-username admin --os-auth-type password \
  token issue
Password:
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-03-24T18:55:01Z             |
| id         | ff5ed908984c4a4190f584d826d75fed |
| project_id | cf12a15c5ea84b019aec3dc45580896b |
| user_id    | 4d411f2291f34941b30eef9bd797505a |
+------------+----------------------------------+

    Note

    This command uses the password for the admin user.

  3. As the demo user, request an authentication token:

    $ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-id default --os-user-domain-id default \
  --os-project-name demo --os-username demo --os-auth-type password \
  token issue
Password:
+------------+----------------------------------+
|  Property  |              Value               |
+------------+----------------------------------+
|   expires  |       2014-10-10T12:51:33Z       |
|     id     | 1b87ceae9e08411ba4a16e4dada04802 |
| project_id | 4aa51bb942be4dd0ac0555d7591f80a6 |
|  user_id   | 7004dfa0dda84d63aef81cf7f100af01 |
+------------+----------------------------------+

    Note

    This command uses the password for the demo user and API port 5000 which only allows regular (non-admin) access to the Identity service API.