starter-kit:compute (III) – Keystone

From Keystone README.rst: “Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.” Basically, it is the service where we will store and manage all our users and projects.

The installation is pretty straightforward. First we’ll need to install a couple of development libraries that will be needed later during the installation of the keystone requirements.

root@aio:~# apt-get install libffi-dev libssl-dev

The next step is to create a ‘keystone’ user and the default location where the configuration files will be located, ‘/etc/keystone’, with the correct permissions.

root@aio:~# useradd -m keystone 
root@aio:~# mkdir /etc/keystone 
root@aio:~# chown keystone:keystone /etc/keystone

Once everything is ready, we need to create a mysql database and a user with the appropriate privileges to connect to it.

root@aio:~# mysql -u root -p 
mysql> create database keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'aio' IDENTIFIED BY 'keystone' WITH GRANT OPTION;FLUSH privileges;

Now, it’s time to clone the source from upstream, and create and activate a virtual environment where we will install keystone with all its requirements.

keystone@aio:~$ git clone git:// 
keystone@aio:~$ virtualenv venv 
keystone@aio:~$ source venv/bin/activate 
(venv)keystone@aio:~$ cd keystone 
(venv)keystone@aio:~/keystone$ pip install pip --upgrade # The version installed by default is outdated
(venv)keystone@aio:~/keystone$ pip install -r requirements.txt 
(venv)keystone@aio:~/keystone$ pip install mysql-python 
(venv)keystone@aio:~/keystone$ python setup.py install

By default, keystone provides sample configuration files that we will need to copy to their default location:

(venv)keystone@aio:~/keystone$ cp -fr etc/* /etc/keystone/ 
(venv)keystone@aio:~/keystone$ mv /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf

The only initial change needed to have a working keystone service in our environment is to define the proper database connection string for our mysql server. Under the [database] group, we should define the connection string as:

connection = mysql://keystone:keystone@aio/keystone

After that, we need to populate the database with the required tables:

(venv)keystone@aio:~/keystone$ keystone-manage db_sync

And now we are ready to start the service:

(venv)keystone@aio:~/keystone$ keystone-all

Of course, starting a service from the command line is not the best way to do it, but for our initial deployment it is more than enough. We’ll see how to create our init scripts in the following posts.
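The connection string configured above stores the MySQL password in /etc/keystone/keystone.conf, so the following check reports when that file is accessible to accounts other than its owner and when the password equals the user name, as it does in this walkthrough. It is an added example, not part of the original post or of the keystone project; the function names and the 16-character minimum are assumptions for illustration.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Constructed sample: the [database] setting exactly as given in this post.
SAMPLE_CONF = "[database]\nconnection = mysql://keystone:keystone@aio/keystone\n"
MIN_PASSWORD_LEN = 16  # assumed local policy, not a keystone requirement


def audit_keystone_conf(path):
    """Return findings about the DB credential stored in keystone.conf."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o: group/other can access the file holding the DB password" % mode)
    # strict=False tolerates repeated options; Raw disables % interpolation.
    parser = configparser.RawConfigParser(strict=False)
    parser.read(path)
    if not parser.has_option("database", "connection"):
        findings.append("[database] connection is not set")
        return findings
    url = urlsplit(parser.get("database", "connection"))
    if not url.password:
        findings.append("connection string has no password")
    elif url.password == url.username:
        findings.append("database password equals the user name")
    elif len(url.password) < MIN_PASSWORD_LEN:
        findings.append("database password shorter than %d characters" % MIN_PASSWORD_LEN)
    return findings


def write_conf(text, mode):
    """Hypothetical helper: write text to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    path = write_conf(SAMPLE_CONF, 0o644)
    for finding in audit_keystone_conf(path):
        print("FINDING:", finding)
    os.remove(path)
```

On the real host, call audit_keystone_conf("/etc/keystone/keystone.conf") as the keystone user after editing the file.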

