Ubuntu 12.04
Sponsored Link

OpenStack Havana - Keystone 設定#1
2013/11/22
 
OpenStack Identity Service (Keystone) をインストールします。
[1] Keystone インストール
# 事前にOpenStack Havana 用リポジトリを登録しておく

root@dlp:~#
aptitude -y install keystone python-mysqldb
[2] Keystone 用のユーザーとデータベースを MySQL に登録しておく
root@dlp:~#
mysql -u root -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.34-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# 「keystone」データベース作成 ( 'password'の箇所は設定するパスワードを入力 )

mysql>
create database keystone character set utf8;

Query OK, 1 row affected (0.00 sec)
mysql>
grant all privileges on keystone.* to keystone@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
mysql>
flush privileges;

Query OK, 0 rows affected (0.00 sec)
mysql>
exit

Bye
[3] Keystone の基本設定
root@dlp:~#
vi /etc/keystone/keystone.conf
# 3行目:コメント解除して適当な管理者用 Token に変更

admin_token =
admintoken
# 6行目:コメント解除

bind_host = 0.0.0.0
# 9行目:コメント解除

public_port = 5000
# 12行目:コメント解除

admin_port = 35357
# 20行目:コメント解除

compute_port = 8774
# 143行目:変更 ( MySQL に登録したもの )

connection =
mysql://keystone:password@10.0.0.30/keystone
# 311行目:コメント解除して追記

token_format =
PKI
# 312行目:全てコメント解除して地域情報等を変更

certfile = /etc/keystone/pki/certs/signing_cert.pem
keyfile = /etc/keystone/pki/private/signing_key.pem
ca_certs = /etc/keystone/pki/certs/cacert.pem
ca_key = /etc/keystone/pki/private/cakey.pem
key_size = 2048
valid_days = 3650
cert_subject =
/C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
root@dlp:~#
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

2013-11-21 15:56:59.857 6100 INFO keystone.common.openssl [-] openssl req 
-key /etc/keystone/pki/private/signing_key.pem -new -out /etc/keystone/pki/certs/req.pem 
-config /etc/keystone/pki/certs/openssl.conf 
-subj /C=JP/ST=Hiroshima/L=Hiroshima/O=Server_World/CN=dlp.srv.world
2013-11-21 15:56:59.867 6100 INFO keystone.common.openssl [-] openssl ca 
-batch -out /etc/keystone/pki/certs/signing_cert.pem 
-config /etc/keystone/pki/certs/openssl.conf -days 3650d 
-cert /etc/keystone/pki/certs/cacert.pem -keyfile /etc/keystone/pki/private/cakey.pem 
-infiles /etc/keystone/pki/certs/req.pem
Using configuration from /etc/keystone/pki/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :ASN.1 12:'Hiroshima'
localityName          :ASN.1 12:'Hiroshima'
organizationName      :ASN.1 12:'Server_World'
commonName            :ASN.1 12:'dlp.srv.world'
Certificate is to be certified until Nov 19 06:56:59 2023 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

root@dlp:~#
keystone-manage db_sync

root@dlp:~#
service keystone restart

keystone stop/waiting
keystone start/running, process 1567
関連コンテンツ