How to Install and configure OpenStack Keystone

In this tutorial, How to Install and configure OpenStack Keystone. In previous, my post has How to install OpenStack all in one Centos 7. If you have not yet installed OpenStack Keystone then step install as below

Step by step Install and configure OpenStack Keystone

Create a User and Database on MariaDB for Keystone.

[vagrant@DevopsRoles ~]# mysql -u root -p 
MariaDB [(none)]> create database keystone; 
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password'; 
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password'; 
MariaDB [(none)]> flush privileges; 
MariaDB [(none)]> exit

Install Keystone.

[vagrant@DevopsRoles ~]# yum --enablerepo=centos-openstack-stein,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Configure Keystone.

[vagrant@DevopsRoles ~]# vi /etc/keystone/keystone.conf

# line 476: add specify Memcache server
memcache_servers =
# line 608: add MariaDB connection info
connection = mysql+pymysql://keystone:password@
# line 2531: uncomment
provider = fernet

[vagrant@DevopsRoles ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"

# initialize keys
[vagrant@DevopsRoles ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[vagrant@DevopsRoles ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# define own host (controller host)
[vagrant@DevopsRoles ~]# export controller=

# bootstrap keystone (replace any password you like for "adminpassword" section)
[vagrant@DevopsRoles ~]# keystone-manage bootstrap --bootstrap-password adminpassword \
--bootstrap-admin-url http://$controller:5000/v3/ \
--bootstrap-internal-url http://$controller:5000/v3/ \
--bootstrap-public-url http://$controller:5000/v3/ \
--bootstrap-region-id RegionOne

If SELinux is enabled on Centos 7

[vagrant@DevopsRoles ~]# setsebool -P httpd_use_openstack on 
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect on 
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect_db on 

Allow ports for services with Firewalld is running

[vagrant@DevopsRoles ~]# firewall-cmd --add-port=5000/tcp --permanent
[vagrant@DevopsRoles ~]# firewall-cmd --reload 

Keystone enables and starts Apache httpd.

[vagrant@DevopsRoles ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 
[vagrant@DevopsRoles ~]# systemctl start httpd 
[vagrant@DevopsRoles ~]# systemctl enable httpd 

How to Add Projects in OpenStack Keystone

To create and load an environment file for KeyStone

[vagrant@DevopsRoles ~]# vi ~/keystonerc

The content as below

export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=
export PS1='[\u@\h \W(keystone)]\$ '

To apply the change

[vagrant@DevopsRoles ~]# chmod 600 ~/keystonerc 
[vagrant@DevopsRoles ~]# source ~/keystonerc 
[vagrant@DevopsRoles ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

Create Projects.

[vagrant@DevopsRoles ~]# openstack project create --domain default --description "Service Project" service 
#To confirm settings create Projects
[vagrant@DevopsRoles ~(keystone)]# openstack project list

You have to Install and configure OpenStack Keystone. Thank you for reading the DevopsRoles page!

About HuuPV

My name is Huu. I love technology and especially Devops Skill such as Docker, vagrant, git so forth. I likes open-sources. so I created site to share the knowledge that I have learned. My Job: IT system administrator. Hobbies: summoners war game, gossip.
View all posts by HuuPV →

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.