Configure Keystone for Icehouse on Ubuntu 12.04 LTS

Source: Internet
Author: User

Keystone configuration file overview
The Keystone configuration files are in the /etc/keystone directory. The main ones are:
------------------------------------------------------------
default_catalog.templates // catalog configuration file, giving the network locations of the other OpenStack services
ec2rc
keystone.conf.dpkg-dist // main configuration file template
keystone.conf // Keystone main configuration file
keystone-paste.ini.dpkg-dist // PasteDeploy configuration file template
keystone-paste.ini // PasteDeploy configuration file
logging.conf.sample // logging configuration file template
policy.json // permission (policy) management file
ssl // directory used to set up PKI
------------------------------------------------------------
Keystone configuration file introduction
Keystone is configured as a generic Python WSGI application based on the Paste INI format. The main files are:

1. keystone-paste.ini
This is the PasteDeploy configuration entry point. It defines the WSGI pipelines, filters, and related settings.

2. keystone.conf
This is the most important Keystone configuration file. It holds the common configuration parameters and the driver-specific parameters.
The general structure of this file is:
[DEFAULT] - common configuration parameters
[sql] - optional storage backend configuration
[ec2] - Amazon EC2 authentication driver configuration
[s3] - Amazon S3 authentication driver configuration
[oauth1] - OAuth 1.0a system driver configuration
[identity] - identity system driver configuration
[catalog] - OpenStack service catalog driver configuration
[token] - token driver and token provider configuration
[cache] - cache layer configuration
[policy] - RBAC policy system driver configuration
[signing] - cryptographic signing of PKI-based tokens
[ssl] - SSL configuration
[auth] - authentication plug-in configuration
[os_inherit] - inherited role assignment extension configuration
[endpoint_filter] - endpoint filtering extension configuration
[paste_deploy] - locates the PasteDeploy configuration file
[federation] - federation driver configuration
------------------------------------------------------------

The following describes the configuration required for Keystone to run normally.

# Reserve the Keystone port. Keystone uses port 35357, which is registered with IANA. To avoid conflicts, remove the port from the ephemeral port range (optional)

$ sysctl -w 'net.ipv4.ip_local_reserved_ports=35357'

# Or add the same setting to the /etc/sysctl.conf file (optional)
$ vim /etc/sysctl.conf

# Add at the end of the opened file
net.ipv4.ip_local_reserved_ports = 35357

# Configure Keystone
$ vim /etc/keystone/keystone.conf

 

# Uncomment these fields to activate the default configuration

[DEFAULT]
admin_token = your_admin_token
public_bind_host = 0.0.0.0
admin_bind_host = 0.0.0.0
compute_port = 8774
admin_port = 35357
public_port = 5000
public_endpoint = http://localhost:5000/
admin_endpoint = http://localhost:35357/
log_config_append = /etc/keystone/logging.conf
policy_file = policy.json

[auth]
methods = external,password,token
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
external = keystone.auth.plugins.external.DefaultDomain

[catalog]
template_file = default_catalog.templates
driver = keystone.catalog.backends.sql.Catalog

[credential]
driver = keystone.credential.backends.sql.Credential

[database]
# connection = sqlite:////var/lib/keystone/keystone.db
# Format: connection = mysql://user:password@host:port/database
connection = mysql://keystone:<password>@<host>:3306/keystone

[identity]
driver = keystone.identity.backends.sql.Identity

[paste_deploy]
config_file = keystone-paste.ini

[signing]
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem

[token]
driver = keystone.token.backends.sql.Token
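
An added example, not part of the original page or the Keystone project: a small Python check of the keystone.conf settings shown above that a reviewer would look at first (the bootstrap admin_token, the admin bind address, plain-HTTP endpoints, and a password embedded in the database URL). The function name, the 20-character token threshold, and the sample database password and host are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample input mirroring the settings shown above; the database
# password and host are made-up values.
SAMPLE_CONF = """
[DEFAULT]
admin_token = your_admin_token
admin_bind_host = 0.0.0.0
public_endpoint = http://localhost:5000/
admin_endpoint = http://localhost:35357/

[database]
connection = mysql://keystone:example-pass@db.example.internal:3306/keystone
"""

# The shipped default ("ADMIN"), this page's placeholder, and an unset value.
WEAK_TOKENS = {"", "ADMIN", "your_admin_token"}
MIN_TOKEN_LEN = 20  # assumed threshold for this example, not a Keystone rule


def audit_keystone_conf(text):
    """Return a list of (option, finding) tuples for risky settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    default = cp.defaults()
    findings = []

    token = default.get("admin_token", "")
    if token in WEAK_TOKENS or len(token) < MIN_TOKEN_LEN:
        findings.append(("admin_token", "default, placeholder or short shared secret"))

    if default.get("admin_bind_host") in ("0.0.0.0", "::"):
        findings.append(("admin_bind_host", "admin API listens on every interface"))

    for opt in ("public_endpoint", "admin_endpoint"):
        if urlsplit(default.get(opt, "")).scheme == "http":
            findings.append((opt, "plain HTTP: passwords and tokens sent unencrypted"))

    db = urlsplit(cp.get("database", "connection", fallback=""))
    if db.password:
        findings.append(("connection", "embeds a DB password; file must not be world-readable"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_keystone_conf(SAMPLE_CONF):
        print(f"{option}: {finding}")
```
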

 

# Restart the Keystone service
$ service keystone restart

# Create the tables in the Keystone database
$ keystone-manage db_sync

# Initialize the Keystone data
$ cd /usr/share/keystone/
$ ./sample_data.sh

Keystone initialization is now complete. From here on, use the keystone-all command to start the Keystone server and Identity API, use keystone-manage for operations that cannot be performed online, and use the keystone CLI to interact with the Keystone server.
