Step 3: Install and configure Keystone

We can finally get to OpenStack now, and we'll start by installing the Identity component, codenamed Keystone. Install the required packages:

apt-get install keystone python-keystone python-mysqldb python-keystoneclient

Then, open /etc/keystone/keystone.conf in an editor and make sure to set a value for admin_token. We'll use "hastexo" in this example.

Scroll down to the section starting with [sql]. Change it to match the database settings that we defined for Keystone in step 2:

[sql]
connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone
idle_timeout = 200

Be sure to replace 10.42.0.6 with the actual IP of your MySQL server. After you have made these changes, restart Keystone by issuing this command:

service keystone restart

Then make Keystone create its tables within the freshly created keystone database:

keystone-manage db_sync

The next step is to fill Keystone with actual data. You can use the script attached to this blog entry entitled keystone_data.sh_.txt. It's courtesy of the Devstack project with some adaptations. Rename the file to keystone_data.sh. Be sure to replace the admin password (ADMIN_PASSWORD variable) and the value for SERVICE_TOKEN with the entry you specified in keystone.conf for admin_token earlier. Then just make the script executable and call it; if everything goes well, it should deliver a return code of 0.

Last but not least, you'll also want to define endpoints in Keystone. Use the endpoints.sh._txt script attached to this text to do that; rename the script to endpoints.sh and make sure it's executable. It takes several parameters - a typical call would look like this:

./endpoints.sh -m 10.42.0.6 -u keystonedbadmin -D keystone -p Ue0Ud7ra -K 10.42.0.6 -R RegionOne -E "http://localhost:35357/v2.0" -S 10.42.0.50 -T hastexo

The values used have the following meanings:

-m 10.42.0.6 - the host where your MySQL database is running (as defined in step 2)
-u keystonedbadmin - the name of the keystone user that may access the mysql database (as defined in step 2)
-D keystone - the database that belongs to Keystone in MySQL (as defined in step 2)
-p Ue0Ud7ra - the password of the keystone MySQL user to access the database (as defined in step 2)
-K 10.42.0.6 - the host where all your OpenStack services will initially run
-R RegionOne - the standard region for your endpoints; leave unchanged when following this howto.
-E "http://localhost:35357/v2.0" - the keystone endpoint for user authentication; leave unchanged when following this howto.
-S 10.42.0.6 - Should you wish to run Swift at a later point, put in the IP address of the swift-proxy server here. 
-T hastexo - the token you put into keystone.conf; use hastexo when following this howto. 

Replace the values above to match your setup (especially the values for the -K and -S parameters).
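
A check for the secrets this step writes into keystone.conf, as an added example that is not part of the original howto or of Keystone: it flags an admin_token left at the packaged default or at the value published here, a database password copied from this page, and a world-readable file that holds that password. It assumes admin_token lives in the [DEFAULT] section and that "ADMIN" is the packaged default; the function names and the 32-character threshold are this example's own.

```shell
# Added example: audit the keystone.conf values this step sets.
# Assumptions: admin_token sits in [DEFAULT]; "ADMIN" is the packaged default.

# ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec {
      line = $0; sub(/^[ \t]*/, "", line)
      if (index(line, key) != 1) next
      rest = substr(line, length(key) + 1)
      if (rest !~ /^[ \t]*=/) next
      sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
      print rest; exit
    }' "$1"
}

# audit_keystone_conf FILE -> one finding per line; status 1 if any finding
audit_keystone_conf() {
  f=$1; n=0
  tok=$(ini_get "$f" DEFAULT admin_token)
  conn=$(ini_get "$f" sql connection)
  # password part of scheme://user:password@host/db, empty if there is none
  pw=$(printf '%s\n' "$conn" | sed -n 's|^[^:]*://[^:/@]*:\([^@]*\)@.*|\1|p')
  case $tok in
    ''|ADMIN|hastexo) echo "admin_token: unset or a published value"; n=$((n+1)) ;;
    *) if [ "${#tok}" -lt 32 ]; then
         echo "admin_token: shorter than 32 characters"; n=$((n+1)); fi ;;
  esac
  if [ "$pw" = "Ue0Ud7ra" ]; then
    echo "sql: database password copied from the howto"; n=$((n+1)); fi
  if [ -n "$pw" ] && [ -n "$(find "$f" -perm -004)" ]; then
    echo "file: world-readable and holds a database password"; n=$((n+1)); fi
  [ "$n" -eq 0 ]
}

# Constructed sample using the howto's own values
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
[DEFAULT]
admin_token = hastexo
[sql]
connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone
idle_timeout = 200
EOF
audit_keystone_conf "$sample" || true
rm -f "$sample"
```

Run it against /etc/keystone/keystone.conf after editing; an empty result and exit status 0 mean none of the three conditions were found.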

Comments

Keystone_data.sh not working

When I run ./keystone_data.sh it shows the following errors:

No handlers could be found for logger "keystoneclient.client"
Conflict occurred attempting to store tenant. (IntegrityError) (1062, "Duplicate entry 'admin' for key 'name'") 'INSERT INTO tenant (id, name, extra) VALUES (%s, %s, %s)' ('9d611fb757524b339caccd985e09313e', 'admin', '{"enabled": true, "description": null}') (HTTP 409)

problem on running ./endpoints.sh

I got the following errors:

Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable.
Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable.
Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable.

I need help

thanx

 

Add Grant Privileges for IP connect to mysql

Dear Martin,

if you want to use: connection = mysql://keystonedbadmin:Ue0Ud7ra@10.42.0.6/keystone

with an IP, you should give the privileges to this IP for MySQL or use localhost.

So change this to: connection = mysql://keystonedbadmin:Ue0Ud7ra@localhost/keystone

or better add the GRANT ALL PRIVILEGES like:

GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'10.42.0.6' IDENTIFIED BY 'dieD9Mie';

GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'10.42.0.6' IDENTIFIED BY 'ohC3teiv';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'10.42.0.6' IDENTIFIED BY 'Ue0Ud7ra';

Otherwise you will run into trouble.

keystone errors

keystone user-list

No handlers could be found for logger "keystoneclient.client"
Invalid tenant (HTTP 401)

On the other server we get:

Expecting authentication method via  either a service token, --token or env[SERVICE_TOKEN],  or credentials, --os_username or env[OS_USERNAME].

HELP PLEASE !!!!!!!!!!!!!!!!!!!


the ADMIN_PASSWORD

How do I change the admin_password variable?

admin_password = pass1234

Because when I downloaded the file on the site, the admin_password looked like ADMIN_PASSWORD= ${ADMIN_PASSWORD:-hastexo}. Or do I have to write the token_server that I wrote in the keystone.conf earlier, like ${ADMIN_PASSWORD:-"token"}?

thanks!

keystone.sh missing argument service_id

When I try to run the script with the arguments given in the guide (adapted to my own settings), I get this error multiple times on my screen:

 

keystone endpoint-create: error: argument --service_id: expected one argument

Can someone help me with this, please?

endpoints.sh swift-proxy IP

Hello,

When I'd originally gone through this howto I was planning on using this first compute node to also act as the swift-proxy, so I used that IP with the -S switch. Later I decided against doing that, and set up a dedicated swift-proxy server. What's the correct way to change that IP address originally set with endpoints.sh?

not running keystone_data.sh running well

Here is a problem: when I run this file it shows

keystone: error: argument --username: expected one argument

plz when i enter the command

Please, when I enter the command apt-get install keystone python-keystone python-mysqldb python-keystoneclient

I get this error: Unable to locate package python-keystoneclient :/ What am I doing wrong and what can I do to fix it?

  I had the same problem.

 

I had the same problem. I already tried adding the repository (github) for python-keystoneclient, but was unsuccessful. After add-repository, I get the error: W: Failed to fetch https://github.com/ope ... I'm still waiting for an answer. Thanks

 

Error while executing keystone_data.sh

Hello, I am definitely doing something wrong. I used the same username and password as you did in this tutorial. I changed the SERVICE_TOKEN to hastexo, and the ADMIN_PASSWORD is also still hastexo. When I execute the script I get the following error: Keystone: error: argument --username: expected one argument.

Can you help me solve this? What am I doing wrong?

not finding the keystone_data.sh

Hello, there

I did not find the keystone_data.sh_.txt file... How to proceed?

Problem on running endpoint.sh

Hi,

On running;

# ./endpoints.sh -m 10.42.0.6 -u keystonedbadmin -D keystone -p Ue0Ud7ra -K 10.42.0.6 -R RegionOne -E "http://localhost:35357/v2.0" -S 10.42.0.50 -T hastexo

Keystone region not set.  Please set with -R or set KEYSTONE_REGION variable.
Keystone sevice token not set.  Please set with -T or set SERVICE_TOKEN variable.
Keystone service endpoint not set.  Please set with -R or set SERVICE_ENDPOINT variable.

What shall I do?  TIA

satimis

 

 

I would suggest

I would suggest using:

connection = mysql://keystonedbadmin:Ue0Ud7ra@localhost/keystone

problem with Keystone endpoint

While trying to fill the keystone database using the above script, I have encountered the following error:

keystone endpoint-create: error: argument --service_id: expected one argument

Have you guys come across the same problem? Any solutions?

problem with Keystone endpoint

Check your /etc/keystone/logging.conf to make sure you are using the SQL driver, not the default template.

In /etc/keystone/logging.conf go to the section [catalog] and make sure you have

driver = keystone.catalog.backends.sql.Catalog

keystone endpoint-create: error: argument --service_id: expected

I got the same problem. The "keystone service-create ..." command inside the endpoints.sh never made it into the keystone service table. Running "keystone service-list" will show all the records, but after "service keystone restart", the "keystone service-list" shows empty. Since the service never made it into the table, the second parameter of "create_endpoint" will always be empty.

Any clue? I've been struggling all night.

 

Thank,

David

Can you post the complete

Can you post the complete output of the command please, starting right after you called it?

Parameter failure

Hi

Thanks for the updated tutorial. You have a typo in the parameter line; it has to be -t and not -D according to your script.

Thanks for  the heads-up! I

Thanks for the heads-up! I uploaded the latest revision of the script, which correctly supports -D instead of -t. :)

Endpoints

It's also a good idea to replace "localhost" with the public IP in the catalog template so that keystone correctly exposes endpoints for remote requests.

 

Bug in Script

Hi folks,

Great tutorial! So far everything has been easy to understand and the setup seems speedy. For linux noobs like myself out there, I wanted to point out the attached script had a simple syntax bug that prevented execution on my system (Ubuntu 12.04 Beta 2). Line 29:

"function get_id () { "

should be:

" get_id () { " or, alternatively "function get_id {"

Re: Bug in Script

Hello,

ahum, may I ask what shell you are using on that system?

Best regards

Martin

MySQL backend still recommended for Essex

Note that storing the endpoint catalog in MySQL is still recommended for production deployments with Essex. See the discussion in the comments here: https://review.openstack.org/6085.

For development purposes (e.g., devstack), template-based catalog is fine.

RE: MySQL backend still recommended for Essex

Hi there,

thanks for your feedback; I will adapt this part of the tutorial with the next batch of changes.

Best regards

Martin