Step 3: Install and configure Keystone
Submitted by martin on Fri, 2012-03-23 22:13
We can finally get to OpenStack now, and we'll start by installing the Identity component, codenamed Keystone. Install the required packages:
apt-get install keystone python-keystone python-mysqldb python-keystoneclient
Then, open /etc/keystone/keystone.conf in an editor and make sure to set a value for admin_token. We'll use "hastexo" in this example.
Scroll down to the section starting with [sql]. Change it to match the database settings that we defined for Keystone in step 2:
[sql]
connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone
idle_timeout = 200
Be sure to replace 10.42.0.6 with the actual IP of your MySQL server. After you have made these changes, restart Keystone by issuing this command:
service keystone restart
Then make Keystone create its tables within the freshly created keystone database:
keystone-manage db_sync
The next step is to fill Keystone with actual data. You can use the script attached to this blog entry entitled keystone_data.sh_.txt. It's courtesy of the Devstack project with some adaptations. Rename the file to keystone_data.sh. Be sure to replace the admin password (ADMIN_PASSWORD variable) and the value for SERVICE_TOKEN with the entry you specified in keystone.conf for admin_token earlier. Then just make the script executable and call it; if everything goes well, it should deliver a return code of 0.
Last but not least, you'll also want to define endpoints in Keystone. Use the endpoints.sh._txt script attached to this text to do that; rename the script to endpoints.sh and make sure it's executable. It takes several parameters - a typical call would look like this:
./endpoints.sh -m 10.42.0.6 -u keystonedbadmin -D keystone -p Ue0Ud7ra -K 10.42.0.6 -R RegionOne -E "http://localhost:35357/v2.0" -S 10.42.0.50 -T hastexo
The values used have the following meanings:
-m 10.42.0.6 - the host where your MySQL database is running (as defined in step 2)
-u keystonedbadmin - the name of the keystone user that may access the mysql database (as defined in step 2)
-D keystone - the database that belongs to Keystone in MySQL (as defined in step 2)
-p Ue0Ud7ra - the password of the keystone MySQL user to access the database (as defined in step 2)
-K 10.42.0.6 - the host where all your OpenStack services will initially run
-R RegionOne - the standard region for your endpoints; leave unchanged when following this howto.
-E "http://localhost:35357/v2.0" - the keystone endpoint for user authentication; leave unchanged when following this howto.
-S 10.42.0.6 - Should you wish to run Swift at a later point, put in the IP address of the swift-proxy server here.
-T hastexo - the token you put into keystone.conf; use hastexo when following this howto.
Replace the values above to match your setup (especially the values for the -K and -S parameters).
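A check to run once the configuration above is in place, as an added example that is not part of the original post or of the attached scripts: it flags the howto's example values (admin_token hastexo, database password Ue0Ud7ra) if they are still in keystone.conf, flags a world-readable file, and generates a random replacement token. The [DEFAULT] section name, the ADMIN default value and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: flag howto placeholder secrets left in a keystone.conf.

# Print the value of KEY inside [SECTION] of an INI-style file.
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s); insec = (s == sec); next }
        insec && /^[ \t]*[^#; \t]/ {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# 64 hex characters (256 bits) from the kernel CSPRNG.
new_admin_token() { od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; }

# Print one line per finding; the exit status is the number of findings.
audit_keystone_conf() {  # usage: audit_keystone_conf FILE
    f=$1; n=0
    # Assumption: admin_token lives in [DEFAULT]; "ADMIN" is assumed to be
    # the packaged default, "hastexo" is this howto's example value.
    token=$(conf_get "$f" DEFAULT admin_token)
    case $token in
        ''|ADMIN|hastexo) echo "admin_token: unset or placeholder"; n=$((n + 1)) ;;
        *) if [ "${#token}" -lt 32 ]; then
               echo "admin_token: shorter than 32 characters"; n=$((n + 1))
           fi ;;
    esac
    # Password = text between "scheme://user:" and the first "@".
    pass=$(conf_get "$f" sql connection); pass=${pass#*://*:}; pass=${pass%%@*}
    if [ "$pass" = Ue0Ud7ra ]; then
        echo "[sql] connection: howto example password in use"; n=$((n + 1))
    fi
    # The file holds both secrets, so it must not be world-readable.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f: world-readable"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample mirroring the values used in this howto.
sample=$(mktemp); chmod 644 "$sample"
printf '%s\n' '[DEFAULT]' 'admin_token = hastexo' '[sql]' \
    'connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone' > "$sample"
audit_keystone_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real node, call `audit_keystone_conf /etc/keystone/keystone.conf` and paste the output of `new_admin_token` into admin_token before restarting Keystone.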



Comments
problem on running ./endpoints.sh
I got the following errors:
Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable.
Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable.
Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable.
I need help
thanx
Add Grant Privileges for IP connect to mysql
Dear Martin,
if you want to use: connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone
with IP you should give the privileges to this IP for mysql or use localhost.
So change this to: connection = mysql://keystonedbadmin:Ue0Ud7ra@localhost/keystone
or better add the GRANT ALL PRIVILEGES like:
GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'10.42.0.6' IDENTIFIED BY 'dieD9Mie';
GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'10.42.0.6' IDENTIFIED BY 'ohC3teiv';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'10.42.0.6' IDENTIFIED BY 'Ue0Ud7ra';
otherwise you will run into trouble.
keystone errors
keystone user-list
No handlers could be found for logger "keystoneclient.client"
Invalid tenant (HTTP 401)
on the other server we get
Expecting authentication method via either a service token, --token or env[SERVICE_TOKEN], or credentials, --os_username or env[OS_USERNAME].
HELP PLEASE !!!!!!!!!!!!!!!!!!!
the ADMIN_PASSWORD
how do i change the admin_password variable?
admin_password = pass1234
because when i downloaded the file on the site the admin_password looked like ADMIN_PASSWORD= ${ADMIN_PASSWORD:-hastexo} or i have to write the token_server that i wrote in the keystone.conf earlier? like ${ADMIN_PASSWORD:-"token"}
thanks!
keystone.sh missing argument service_id
When I try to run the script with the arguments given in the guide (adapted to own settings) I get this error multiple times on my screen
keystone endpoint-create: error: argument --service_id: expected one argument
can someone help me with this please
endpoints.sh swift-proxy IP
Hello,
When I'd originally gone through this howto I was planning on using this first compute node to also act as the swift-proxy, so I used that IP with the -S switch. Later I decided against doing that, and set up a dedicated swift-proxy server. What's the correct way to change that IP address originally set with endpoints.sh?
not running keystone_data.sh running well
here is a problem that when i run this file it shows
keystone: error: argument --username: expected one argument
plz when i enter the command
plz when I enter the command
apt-get install keystone python-keystone python-mysqldb python-keystoneclient
I get this error: Unable to locate package python-keystoneclient :/ What am I doing wrong and what can I do to fix it?
I had the same problem.
I had the same problem. Already tried adding the repository (github) for python-keystoneclient but was unsuccessful. After add-repository, I get the error: W: Failed to fetch https://github.com/ope ... I'm still waiting for an answer. Thanks
Error while executing keystone_data.sh
Hello, I am definitely doing something wrong. I used the same username and password as you did in this tutorial. I changed the SERVICE_TOKEN to hastexo, and the ADMIN_PASSWORD is also still hastexo. When I execute the script I get the following error: Keystone: error: argument --username: expected one argument.
Can you help me solve this, what am i doing wrong?
not finding the keystone_data.sh
Hello, there
I did not find the keystone_data.sh_.txt file... How to proceed?
Problem on running endpoint.sh
Hi,
On running;
# ./endpoints.sh -m 10.42.0.6 -u keystonedbadmin -D keystone -p Ue0Ud7ra -K 10.42.0.6 -R RegionOne -E "http://localhost:35357/v2.0" -S 10.42.0.50 -T hastexo
Keystone region not set. Please set with -R or set KEYSTONE_REGION variable.
Keystone sevice token not set. Please set with -T or set SERVICE_TOKEN variable.
Keystone service endpoint not set. Please set with -R or set SERVICE_ENDPOINT variable.
What shall I do? TIA
satimis
I would suggest
I would suggest using:
problem with Keystone endpoint
While trying to fill the keystone database using the above script, I have encountered the following error:
keystone endpoint-create: error: argument --service_id: expected one argument
have you guys come across the same problem? any solutions!
problem with Keystone endpoint
Check your /etc/keystone/logging.conf to make sure you are using the SQL driver, not the default template.
In /etc/keystone/logging.conf go to the section [catalog] and make sure you have
driver = keystone.catalog.backends.sql.Catalog
keystone endpoint-create: error: argument --service_id: expected
I got the same problem. The "keystone service-create ..." command inside the endpoints.sh never made into the keystone service table. Running "keystone service-list" will show all the records, but after "service keystone restart", the "keystone service-list" shows empty. Since the service never made into the table, the second parameter of "create_endpoint" will be empty always.
Any clue? I've been struggling all night.
Thanks,
David
Can you post the complete
Can you post the complete output of the command please, starting right after you called it?
Parameter failure
Hi
Thx for the updated tutorial. You have a typo in the parameter line, it has to be -t and not -D according to your script.
Thanks for the heads-up! I
Thanks for the heads-up! I uploaded the latest revision of the script, which correctly supports -D instead of -t. :)
Endpoints
It's also a good idea to replace "localhost" with the public IP in the catalog template so that keystone correctly exposes endpoints for remote requests.
Bug in Script
Hi folks,
Great tutorial! So far everything has been easy to understand and the setup seems speedy. For linux noobs like myself out there, I wanted to point out the attached script had a simple syntax bug that prevented execution on my system (Ubuntu 12.04 Beta 2). Line 29:
"function get_id () { "
should be:
" get_id () { " or, alternatively "function get_id {"
Re: Bug in Script
Hello,
ahum, may I ask what shell you are using on that system?
Best regards
Martin
MySQL backend still recommended for Essex
Note that storing the endpoint catalog in MySQL is still recommended for production deployments with Essex. See the discussion in the comments here: https://review.openstack.org/6085.
For development purposes (e.g., devstack), template-based catalog is fine.
RE: MySQL backend still recommended for Essex
Hi there,
thanks for your feedback; I will adapt this part of the tutorial with the next batch of changes.
Best regards
Martin