Openstack Xena on Ubuntu 20.04 – Keystone

Posted on by sandeep

[ Previous: Pre-requisites (1/9) ]         [ 2 / 9 : Keystone ]           [ Next: Glance (3 / 9) ]

Create the database for Keystone service

create database keystone; 
grant all privileges on keystone.* to keystone@'localhost' identified by 'password'; 
grant all privileges on keystone.* to keystone@'%' identified by 'password'; 
flush privileges; 
exit

Install required packages

apt -y install keystone apache2 libapache2-mod-wsgi-py3 python3-oauth2client

Update the configurations in /etc/keystone/keystone.conf as shown below

[cache]
memcache_servers = 10.0.3.1:11211

[database]
connection = mysql+pymysql://keystone:password@10.0.3.1/keystone

[receipt]
provider = fernet

Populate the identity service database

su -s /bin/bash keystone -c "keystone-manage db_sync"

Initialize fernet – allow running keystone under another operating system user/group

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap keystone. 

keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://10.0.3.1:5000/v3/ --bootstrap-internal-url http://10.0.3.1:5000/v3/ --bootstrap-public-url http://10.0.3.1:5000/v3/ --bootstrap-region-id RegionOne

Edit ServerName configuration in /etc/apache2/apache2.conf as shown below.  Note the usage of a hostname which resolves to node IP 10.0.3.1

#ServerRoot "/etc/apache2"
ServerName controller

Restart apache2

systemctl restart apache2

The OpenStack client makes use of values set in environment variables.  Create a file named admin-rc which exports/sets values for environment variables.  

Content of ~/admin-rc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://10.0.3.1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Update ~/.bashrc file such that every time we log in the contents is sourced and environment variables are set.

chmod +x admin-rc
echo "source ~/admin-rc " >> ~/.bashrc

[ Previous: Pre-requisites (1/9) ]         [ 2 / 9 : Keystone ]           [ Next: Glance (3 / 9) ]