The Keystone service should be installed and configured on the controller node.
To quickly populate the Keystone database, you can use a sample script /usr/demo/openstack/keystone/sample_data.sh. The script creates the following initial tenants:
service, under which a Keystone user is created for each OpenStack service.
demo, under which the user admin is created with a default password.
The script also sets environment variables that define the node where each API service resides and the password for each service. By default, for each service under the service tenant, the service name, user name, and password are identical. For example, for the Nova service, the user nova is created with the password nova.
You can change the variables before running the script to customize the service user names and their corresponding passwords as well as the name of the initial tenants. Make sure that you review the script for more information about parameters that can be set for the environment.
controller# pkg install keystone
The token consists of a random string of characters.
controller# openssl rand -hex 10
token-string
controller# export SERVICE_TOKEN=token-string
The configuration should resemble the following example:
[DEFAULT]
admin_token = token-string
qpid_hostname=$CONTROLLER_ADMIN_NODE
rabbit_host=$CONTROLLER_ADMIN_NODE
...
[database]
connection = mysql://keystone:service-password@$CONTROLLER_ADMIN_NODE/keystone
controller# svcadm enable keystone
controller# su - keystone -c "keystone-manage pki_setup"
To use the sample script, issue the following command.
controller# CONTROLLER_PUBLIC_ADDRESS=$CONTROLLER_ADMIN_NODE \
CONTROLLER_ADMIN_ADDRESS=$CONTROLLER_ADMIN_NODE \
CONTROLLER_INTERNAL_ADDRESS=$CONTROLLER_ADMIN_NODE \
SERVICE_TOKEN=token-string \
/usr/demo/openstack/keystone/sample_data.sh
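A check that can be run against the Keystone configuration after the steps above, written as an added Python example (not part of the original page or of OpenStack). It flags an admin_token left as a placeholder or shorter than the 20 hex characters that openssl rand -hex 10 produces, and a database password that is a placeholder or identical to the user name. The function name and both sample configurations are constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Literal placeholders from the example configuration, plus ADMIN, the value
# shipped in older Keystone sample configurations.
PLACEHOLDERS = {"token-string", "service-password", "ADMIN", ""}
MIN_TOKEN_HEX = 20  # length produced by `openssl rand -hex 10`

# Constructed sample: placeholder token, password identical to the user name.
WEAK_SAMPLE = """[DEFAULT]
admin_token = token-string
[database]
connection = mysql://keystone:keystone@controller.example/keystone
"""

# Constructed sample: 20 hex characters and a distinct database password.
STRONG_SAMPLE = """[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:Xq7-constructed-Pw@controller.example/keystone
"""


def audit_keystone_conf(text):
    """Return a list of findings for weak secrets in keystone.conf text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []

    token = cfg.get("DEFAULT", "admin_token", fallback="").strip()
    if token in PLACEHOLDERS:
        findings.append("admin_token is unset or a placeholder")
    elif not re.fullmatch(r"[0-9a-f]{%d,}" % MIN_TOKEN_HEX, token):
        findings.append("admin_token is not a hex string of at least 20 characters")

    # The connection value is a URL: scheme://user:password@host/database
    url = urlsplit(cfg.get("database", "connection", fallback="").strip())
    user, password = url.username or "", url.password or ""
    if password in PLACEHOLDERS:
        findings.append("database password is unset or a placeholder")
    elif password == user:
        findings.append("database password equals the user name")
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("strong", STRONG_SAMPLE)):
        print(name, audit_keystone_conf(sample))
```

To audit a real file, pass its contents to audit_keystone_conf; a literal "..." line as in the example configuration is not valid INI and must not be present.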