From Keystone README.rst: “Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.” Basically, it is the service where we will store and manage all our users and projects.
The installation is pretty straightforward. First we’ll need to install a couple of development libraries that are required later, during the installation of the keystone requirements.
root@aio:~# apt-get install libffi-dev libssl-dev
The next step is to create a ‘keystone’ user and the default location where the configuration files will be located, ‘/etc/keystone’, with the correct permissions.
root@aio:~# useradd -m keystone
root@aio:~# mkdir /etc/keystone
root@aio:~# chown keystone:keystone /etc/keystone
Once everything is ready, we need to create a mysql database and a user with the appropriate privileges to connect to it.
root@aio:~# mysql -u root -p
mysql> create database keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'aio' IDENTIFIED BY 'keystone' WITH GRANT OPTION;
mysql> FLUSH privileges;
Now it’s time to clone the source from upstream, and to create and activate a virtual environment where we will install keystone with all its requirements.
keystone@aio:~$ git clone git://git.openstack.org/openstack/keystone
keystone@aio:~$ virtualenv venv
keystone@aio:~$ source venv/bin/activate
(venv)keystone@aio:~$ cd keystone
(venv)keystone@aio:~/keystone$ pip install pip --upgrade # The version installed by default is outdated
(venv)keystone@aio:~/keystone$ pip install -r requirements.txt
(venv)keystone@aio:~/keystone$ pip install mysql-python
(venv)keystone@aio:~/keystone$ python setup.py install
By default, keystone provides sample configuration files that we will need to copy to their default location:
(venv)keystone@aio:~/keystone$ cp -fr etc/* /etc/keystone/
(venv)keystone@aio:~/keystone$ mv /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf
The only initial change needed to have a working keystone service in our environment is to define the proper database connection string for our mysql server. Under the [database] group, we should define the connection string as:
connection = mysql://keystone:keystone@aio/keystone
After that, we need to populate the database with the required tables:
(venv)keystone@aio:~/keystone$ keystone-manage db_sync
And now we are ready to start the service:
(venv)keystone@aio:~/keystone$ keystone-all
Of course, starting a service from the command line is not the best way to run it, but for our initial deployment it is more than enough. We’ll see how to create our init scripts in the following posts.
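Added example (not from the original post or the Keystone project): once the connection string is set, /etc/keystone/keystone.conf holds the database password, and files copied with cp under a default umask of 022 are readable by every local user. This Python check reports a keystone.conf that other users can access and a [database] connection password that is short or equal to the user name; the function name and the 16-character threshold are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit

MIN_PASSWORD_LEN = 16  # assumed threshold for this example, not a Keystone setting


def audit_keystone_conf(path):
    """Return a list of findings for the keystone.conf at `path`."""
    findings = []

    # The file carries the database password: no access for "other" users.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:
        findings.append("mode %04o: accessible to other users, chmod 640 or stricter" % mode)

    # interpolation=None: a password may legitimately contain '%'.
    # strict=False: do not abort on options repeated in the sample file.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(path)
    conn = cfg.get("database", "connection", fallback=None)
    if conn is None:
        findings.append("[database] connection is not set")
        return findings

    url = urlsplit(conn)  # user:password@host are parsed out of the netloc
    if not url.password:
        findings.append("connection string has no password")
    elif url.password == url.username or len(url.password) < MIN_PASSWORD_LEN:
        findings.append("weak database password (short or equal to user name)")
    return findings


if __name__ == "__main__":
    # Constructed sample: the connection string from this post, written 0644.
    fd, sample = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write("[database]\nconnection = mysql://keystone:keystone@aio/keystone\n")
    os.chmod(sample, 0o644)
    for finding in audit_keystone_conf(sample):
        print(finding)
    os.remove(sample)
```

On the real host, call audit_keystone_conf("/etc/keystone/keystone.conf") as root or as the keystone user.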