Installing and Configuring OpenStack in Oracle® Solaris 11.2

Exit Print View

Updated: April 2015

Installing Keystone

The Keystone service should be installed and configured on the controller node.

The Sample Keystone Script

To quickly populate the Keystone database, you can use a sample script /usr/demo/openstack/keystone/ The script creates the following initial tenants:

  • service, under which a Keystone user is created for each OpenStack service.

  • demo, under which the user admin is created with a default password.

Additionally, the script also sets environment variables that define the node where each API service resides as well as the password for each service. By default, for each of the services for the tenant service, the service name, user name, and password are identical. For example, for the Nova service, the user nova is created with the password nova.

You can change the variables before running the script to customize the service user names and their corresponding passwords as well as the name of the initial tenants. Make sure that you review the script for more information about parameters that can be set for the environment.

How to Install and Configure Keystone

  1. Install the Keystone package.
    controller# pkg install keystone
  2. Create the shared token for Keystone and other OpenStack services.

    The token consists of a random string of characters.

    controller# openssl rand -hex 10
  3. Set the token to an environment variable.
    controller# export SERVICE_TOKEN=token-string
  4. Modify parameters in the /etc/keystone/keystone.conf file.

    The configuration should resemble the following example:

    admin_token = token-string
    connection = mysql://keystone:service-password@$CONTROLLER_ADMIN_NODE/keystone
  5. Enable the Keystone SMF service.
    controller# svcadm enable keystone
  6. Generate Public Key Infrastructure (PKI) tokens.
    controller# su - keystone -c "keystone-manage pki_setup"
  7. Populate the Keystone database.

    To use the sample script, issue the following command.

    SERVICE_TOKEN=token-string \