openstack/openstack-manuals
Code Issues Proposed changes
f83b8dd6e7
openstack-manuals/doc/install-guide/section_keystone-install.xml
Tom Fifield 7409216c77 Add sample architecture, fix ubuntu instructions 
1) The install guide was lacking a sample architecture section

This adds one and includes an image, with a followup image
in the basic networking section.

2) The instructions for disabling NetworkManager were given for
all distributions. This is not necessary on Ubuntu Server or Suse
server

3) the network configuration samples were only for fedora
this adds one for ubuntu, and a placeholder for SUSE

4) you need to restart the network after making changes

5) ubuntu sets services to start on install, no need to
restart or chkconfig (which doesn't exist on ubuntu)

6) ubuntu does not have openstack-config or openstack-db

This install has now been verified for ubuntu from the beginning
to the end of the identity service install.

Change-Id: I4e41092ab3ae399c83bb01d491847b6ca1998cfa
Closes-Bug: 1237863
Closes-Bug: 1237890
Closes-Bug: 1237898
Closes-Bug: 1237906
Partial-Bug: 1236952
2013-10-11 13:40:41 +11:00

102 lines
5.3 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<section xml:id="keystone-install"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Installing the Identity Service</title>
<procedure>
<step>
<para>Install the Identity Service on the controller node:</para>
<screen os="ubuntu;deb"><prompt>#</prompt> <userinput>apt-get install keystone python-keystone python-keystoneclient</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-keystone python-keystoneclient</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-keystone python-keystoneclient</userinput></screen>
</step>
<step>
<para>The Identity Service uses a database to store information.
Specify the location of the database in the configuration file.
In this guide, we use a MySQL database on the controller node
with the username <literal>keystone</literal>. Replace
<literal><replaceable>KEYSTONE_DBPASS</replaceable></literal>
with a suitable password for the database user.</para>
<screen os="rhel;centos;fedora;opensuse"><prompt>#</prompt> <userinput>openstack-config --set /etc/keystone/keystone.conf \
sql connection mysql://keystone:<replaceable>KEYSTONE_DBPASS</replaceable>@controller/keystone</userinput></screen>
<para os="ubuntu">Edit <filename>/etc/keystone/keystone.conf</filename> and change the <literal>[sql]</literal> section.</para>
<programlisting os="ubuntu" language="ini">
...
[sql]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
...
</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse">
<para>Use the <command>openstack-db</command> command to create the
database and tables, as well as a database user called
<literal>keystone</literal> to connect to the database. Replace
<literal><replaceable>KEYSTONE_DBPASS</replaceable></literal>
with the same password used in the previous step.</para>
<screen><prompt>#</prompt> <userinput>openstack-db --init --service keystone --password <replaceable>KEYSTONE_DBPASS</replaceable></userinput></screen>
</step>
<step os="ubuntu">
<para>First, we need to create a database user called <literal>keystone</literal>, by logging in
as root using the password we set earlier.</para>
<screen><prompt>#</prompt> <userinput>mysql -u root -p</userinput>
<prompt>mysql></prompt> <userinput>CREATE DATABASE keystone;</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';</userinput></screen>
</step>
<step os="ubuntu">
<para>We now start the keystone service and create its tables.</para>
<screen><prompt>#</prompt> <userinput>keystone-manage db_sync</userinput>
<prompt>#</prompt> <userinput>service keystone restart</userinput></screen>
</step>
<step>
<para>You need to define an authorization token that is used as a
shared secret between the Identity Service and other OpenStack services.
Use <command>openssl</command> to generate a random token, then store it
in the configuration file.</para>
<screen os="rhel;centos;fedora;opensuse"><prompt>#</prompt> <userinput>ADMIN_TOKEN=$(openssl rand -hex 10)</userinput>
<prompt>#</prompt> <userinput>echo $ADMIN_TOKEN</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN</userinput></screen>
<screen os="ubuntu"><prompt>#</prompt> <userinput>openssl rand -hex 10</userinput></screen>
<para os="ubuntu">Edit <filename>/etc/keystone/keystone.conf</filename> and
change the <literal>[DEFAULT]</literal> section, replacing ADMIN_TOKEN with the results of the command.</para>
<programlisting os="ubuntu" language="ini">
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
...
</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse">
<para>By default Keystone will use PKI tokens. Create the signing
keys and certificates.</para>
<screen><prompt>#</prompt> <userinput>keystone-manage pki_setup --keystone-user keystone --keystone-group keystone</userinput>
<prompt>#</prompt> <userinput>chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log</userinput></screen>
</step>
<step os="ubuntu">
<para>Restart the Identity service.</para>
<screen><prompt>#</prompt> <userinput>service keystone restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse">
<para>Start the Identity Service and enable it so it start when
the system boots.</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service openstack-keystone start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-keystone on</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>systemctl start openstack-keystone.service</userinput>
<prompt>#</prompt> <userinput>systemctl enable openstack-keystone.service</userinput></screen>
</step>
</procedure>
</section>
View Git Blame Copy Permalink