(3 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| Updates for Fedora 17 / OpenStack >= Essex-4
| | Moved most of the content here to https://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17 |
| | |
| == Configuring keystone for authentication ==
| |
| | |
| Keystone is the openstack identity service, providing a central place to
| |
| set up openstack users, groups, and accounts that can be shared across all
| |
| other services. This deprecates the old style user accounts manually set
| |
| up with nova-manage.
| |
| | |
| Setting up keystone is required for using the Openstack dashboard.
| |
| | |
| === Initial setup ===
| |
| | |
| * install Keystone
| |
| $> sudo yum install --enablerepo=updates-testing openstack-keystone python-keystoneclient
| |
| | |
| Should get installed:
| |
| python-keystoneclient >= 2012.1-0.5.e4
| |
| openstack-keystone >= 2012.1-0.9.e4
| |
| | |
| * configure Keystone database
| |
| $> sudo openstack-keystone-db-setup
| |
| Please enter the password for the 'root' MySQL user:
| |
| Verified connectivity to MySQL.
| |
| Creating 'keystone' database.
| |
| Asking openstack-keystone to sync the databse.
| |
| Complete!
| |
| | |
| * change default administrative token in keystone.conf
| |
| $> ADMIN_TOKEN=$(openssl rand -hex 10)
| |
| $> sudo openstack-config-set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
| |
| | |
| * start and enable Keystone service
| |
| $> sudo systemctl start openstack-keystone.service
| |
| $> sudo systemctl enable openstack-keystone.service
| |
| | |
| * create sample Tenants, Users and Roles
| |
| $> sudo ADMIN_PASSWORD=verybadpass openstack-keystone-sample-data
| |
| | |
| * test Keystone CLI is working
| |
| export OS_USERNAME=admin
| |
| export OS_PASSWORD=verybadpass
| |
| export OS_TENANT_NAME=admin
| |
| export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
| |
| keystone user-list
| |
| +----------------------------------+---------+-------------------+-------+
| |
| | id | enabled | email | name |
| |
| +----------------------------------+---------+-------------------+-------+
| |
| | 05742d10109540d2892d17ec312a6cd9 | True | admin@example.com | admin |
| |
| | 25fe47659d6a4255a663e6add1979d6c | True | admin@example.com | demo |
| |
| +----------------------------------+---------+-------------------+-------+
| |
| | |
| | |
| === Configure nova to use keystone ===
| |
| | |
| * Change nova configuration to use keystone:
| |
| $> sudo sed -i -e 's/# \(pipeline = .*\keystonecontext\)/\1/g' /etc/nova/api-paste.ini
| |
| $> sudo openstack-config-set /etc/nova/api-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
| |
| $> sudo systemctl restart openstack-nova-api.service
| |
| | |
| * Verify that nova can talk with keystone (required variable exports from keystone section)
| |
| | |
| $> nova --version 1.1 flavor-list
| |
| +----+-----------+-----------+------+----------+-------+-------------+
| |
| | ID | Name | Memory_MB | Swap | Local_GB | VCPUs | RXTX_Factor |
| |
| +----+-----------+-----------+------+----------+-------+-------------+
| |
| | 1 | m1.tiny | 512 | | 0 | 1 | 1.0 |
| |
| | 2 | m1.small | 2048 | | 10 | 1 | 1.0 |
| |
| | 3 | m1.medium | 4096 | | 10 | 2 | 1.0 |
| |
| | 4 | m1.large | 8192 | | 10 | 4 | 1.0 |
| |
| | 5 | m1.xlarge | 16384 | | 10 | 8 | 1.0 |
| |
| +----+-----------+-----------+------+----------+-------+-------------+
| |
| | |
| | |
| === Configure glance to use keystone ===
| |
| | |
| * Tell keystone about the glance service
| |
| $> cat << EOF | sudo tee -a /etc/keystone/default_catalog.templates
| |
| catalog.RegionOne.image.publicURL = http://localhost:9292/v1
| |
| catalog.RegionOne.image.adminURL = http://localhost:9292/v1
| |
| catalog.RegionOne.image.internalURL = http://localhost:9292/v1
| |
| catalog.RegionOne.image.name = 'Image Service'
| |
| EOF
| |
| $> sudo systemctl restart openstack-keystone
| |
| | |
| * Change glance configuration to use keystone:
| |
| $> echo -e "\nw[paste_deploy]\nflavor = keystone" | sudo tee -a /etc/glance/glance-api.conf
| |
| $> echo -e "\nw[paste_deploy]\nflavor = keystone" | sudo tee -a /etc/glance/glance-registry.conf
| |
| $> sudo openstack-config-set /etc/glance/glance-api-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
| |
| $> sudo openstack-config-set /etc/glance/glance-registry-paste.ini filter:authtoken admin_token $ADMIN_TOKEN
| |
| $> sudo systemctl restart openstack-glance-api.service
| |
| $> sudo systemctl restart openstack-registry-api.service
| |
| | |
| * Verify that glance can talk with keystone (required variable exports from keystone section)
| |
| | |
| $> glance index
| |
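Review bot: The replacement line at the top says "most of the content" moved to the Fedora 17 page, but every section below it (Initial setup, nova, glance) is removed, so a reader cannot tell which steps were dropped rather than moved; name them in the pointer line or the edit summary. When checking the destination page, do not carry three of the removed commands over verbatim: `echo -e "\nw[paste_deploy]\nflavor = keystone"` writes `w[paste_deploy]`, which is not a section header, so the `flavor` setting does not land in a `[paste_deploy]` section; `openstack-registry-api.service` does not match the glance-api / glance-registry naming used in the config paths just above it; and the sed pattern `.*\keystonecontext` has a stray backslash. The step that replaces the default `admin_token` with `openssl rand -hex 10` output is the security-relevant one in the removed text, so confirm it is present at the new location, and have the `verybadpass` sample password marked there as a value to change.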