Production Ready OpenStack - Recipes for Successful Environments

Product type: Paperback
Published in: Oct 2015
Publisher: Packt
ISBN-13: 9781783986903
Length: 210 pages
Edition: 1st Edition
Author: Arthur Berezin

Installing Keystone – Identity service

The Keystone project provides Identity as a service for all OpenStack services and components. It is the recommended way to authenticate users and authorize access to OpenStack components. For example, if a user would like to launch a new instance, Keystone is responsible for making sure that the user account that issued the instance launch command is a known, authenticated user account and that the account has permission to launch the instance.

Keystone also provides a service catalog, which users and other OpenStack services can query for the services of a particular OpenStack environment. For each service, Keystone returns an endpoint, which is a network-accessible URL from which users and services can access that service.

In this chapter, we are going to configure Keystone to use MariaDB as the backend data store, which is the most common configuration. Keystone can also use user account details on an LDAP server or Microsoft Active Directory, which will be covered in Chapter 4, Keystone Identity Service.

Getting Ready

Before installing and configuring Keystone, we need to prepare a database for Keystone to use, configure its user's permissions, and open the needed firewall ports so that other nodes are able to communicate with it. Keystone is usually installed on the controller node as part of OpenStack's control plane.

Run the following commands on the controller node.

Create Keystone database

  1. To create a database for Keystone, use the mysql command to access the MariaDB instance. This will ask you to type the password you selected for the MariaDB root user:
    [root@controller ~]# mysql -u root -p
    
  2. Create a database named keystone:
    MariaDB [(none)]> CREATE DATABASE keystone;
    
  3. Create a user account named keystone, replacing 'my_keystone_db_password' with your selected password:
    MariaDB [(none)]> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'my_keystone_db_password';
    
  4. Grant access for the keystone user account to the keystone database:
    MariaDB [(none)]> GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'my_keystone_db_password';
    
  5. Flush database privileges to ensure that they are effective immediately:
    MariaDB [(none)]> FLUSH PRIVILEGES;
    
  6. At this point, you can exit the MySQL client:
    MariaDB [(none)]> quit
    

Open Keystone service firewall ports

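The Keystone service uses port 5000 for public access and port 35357 for administration. Because --permanent only changes the saved configuration, reload the firewall afterwards to apply the rules:

[root@controller ~]# firewall-cmd --add-port=5000/tcp --permanent
[root@controller ~]# firewall-cmd --add-port=35357/tcp --permanent
[root@controller ~]# firewall-cmd --reload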

How to do it...

Proceed with the following steps:

Install service packages

By now, all of OpenStack's prerequisites, including a database service and a message broker, should be installed and configured; Keystone is the first OpenStack service we install. We need to install the package and then configure, enable, and start the service.

Install the keystone package using the yum command as follows:

[root@controller ~]# yum install -y openstack-keystone

This will also install Python supporting packages and additional packages for more advanced backend configurations.

Configure database connection

Keystone's database connection string is set in /etc/keystone/keystone.conf; we can use the openstack-config command to configure the connection string.

  1. Run the openstack-config command with your chosen keystone database user details and database IP address:
    [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:'my_keystone_db_password'@10.10.0.1/keystone
    
  2. After the database is configured, we can create the Keystone database tables using the db_sync command:
    [root@controller ~]# su keystone -s /bin/sh -c "keystone-manage db_sync"
    

    Note

    To make sure that the Keystone database was populated successfully, verify that the keystone database exists using the mysql command # mysql -u root -p -e 'show databases;' and providing the database's root account password.

Keystone service basic configuration

Before starting the Keystone service, we need to make some initial service configurations for it to start properly.

Configure administrative token

Keystone can use a token by which it will identify the administrative user:

  1. Set a custom token or use the openssl command to generate a random token:
    [root@controller ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)
    
  2. Store the token in a file for use in the next steps:
    [root@controller ~]# echo $SERVICE_TOKEN > ~/keystone_admin_token
    

    We need to configure Keystone to use the token we created. We can either manually edit the Keystone configuration file /etc/keystone/keystone.conf, removing the comment mark # next to admin_token, or use the openstack-config command to set the needed property.

    Note

    The openstack-config command is provided by the openstack-utils package: # yum install openstack-utils.

  3. Use the openstack-config command to set the admin_token parameter to the value of SERVICE_TOKEN as follows:
    [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
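
The token steps above, with the file permissions handled and the result checked, as an added example that is not from the book: make_admin_token writes the token with owner-only permissions, and audit_admin_token compares it with the admin_token value in a keystone.conf and flags files that other users can access. The function names, the finding labels, the 32-byte default size and the ADMIN placeholder check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the book. File paths are supplied by the caller.

# make_admin_token FILE [BYTES]: write a random hex token to FILE, mode 0600.
# BYTES defaults to 32 (an assumption; the recipe above uses 10).
make_admin_token() {
    ( umask 077
      tok=$(openssl rand -hex "${2:-32}" 2>/dev/null) ||
          tok=$(od -An -N"${2:-32}" -tx1 /dev/urandom | tr -d ' \n')
      printf '%s\n' "$tok" > "$1" && chmod 600 "$1" )
}

# ini_get FILE SECTION KEY: print the last uncommented value of KEY in [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# other_can_access FILE: succeeds if FILE is readable or writable by "other".
other_can_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_admin_token CONF TOKEN_FILE: print one finding per line and return
# non-zero if there are any.
audit_admin_token() {
    conf_tok=$(ini_get "$1" DEFAULT admin_token)
    file_tok=$(cat "$2" 2>/dev/null) || file_tok=
    findings=
    other_can_access "$1" && findings="$findings conf-accessible-by-other"
    other_can_access "$2" && findings="$findings tokenfile-accessible-by-other"
    [ -z "$conf_tok" ] && findings="$findings token-not-set"
    # ADMIN is assumed to be the placeholder value in the packaged config.
    [ "$conf_tok" = ADMIN ] && findings="$findings token-is-placeholder"
    [ "$conf_tok" != "$file_tok" ] && findings="$findings token-differs-from-file"
    [ -n "$findings" ] && printf '%s\n' $findings
    [ -z "$findings" ]
}
```

Running audit_admin_token /etc/keystone/keystone.conf ~/keystone_admin_token after step 3 should print nothing and return 0 when the two copies of the token match and neither file is accessible to other users.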
    