The Keystone service should be installed and configured on the Controller node.
controller# pkg install keystone
Uncomment and set the following two parameters in the /etc/keystone/keystone.conf file.
The admin_token parameter is a “shared secret” between Keystone and other OpenStack services. The value of this parameter can be any string of characters, but this value should not be revealed or distributed. One way to create such a string is to use OpenSSL as shown in the following command:
controller# openssl rand -hex 10
random_string
Use this output value to set the admin_token parameter in the /etc/keystone/keystone.conf file.
admin_token = random_string
The connection parameter is a URI that represents the location of the Keystone database and the kind of database that is used.
Use the controller-name that was output by the previous getent hosts command to set the connection parameter in the /etc/keystone/keystone.conf file.
connection = mysql://keystone:keystone@controller-name/keystone
controller# su - keystone -c "keystone-manage pki_setup"
controller# svcadm enable keystone
This step can be done manually or you can use the sample_data.sh script as shown in the following example. Use the controller-name that was output by the previous getent hosts command.
controller# su - keystone -c "env \
    CONTROLLER_ADMIN_ADDRESS=controller-name \
    CONTROLLER_INTERNAL_ADDRESS=controller-name \
    CONTROLLER_PUBLIC_ADDRESS=controller-name \
    /usr/demo/openstack/keystone/sample_data.sh"
The sample_data.sh script supports environment variables that define the node where each API service resides and the password for each service. Review the script for more information about parameters that can be set from the environment. By default, a Keystone user is created for each service under the service tenant, with a password that is the same as the user name. For example, a nova user is created with password nova.
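The check below is an added example, not part of the original procedure or of Keystone: it flags an admin_token left as a placeholder or shorter than the 20 characters that openssl rand -hex 10 prints, a connection URI whose password equals its user name, and a service password that equals the service user name. The placeholder list, the length threshold, the admin_user/admin_password option names for a service's auth settings, and the sample file contents are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples that mirror the values shown on this page
# (section headers omitted; the parser below ignores them anyway).
KEYSTONE_CONF = """\
#admin_token = ADMIN
admin_token = random_string
connection = mysql://keystone:keystone@controller-name/keystone
"""
NOVA_AUTH = "admin_user = nova\nadmin_password = nova\n"  # assumed option names

PLACEHOLDERS = {"random_string", "admin"}  # assumed denylist of literal placeholders
MIN_TOKEN_LEN = 20  # characters printed by `openssl rand -hex 10`


def active_settings(text):
    """Return {option: value} for uncommented 'key = value' lines in any section."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return findings for the credentials this procedure configures."""
    s, findings = active_settings(text), []
    token = s.get("admin_token")
    if token is not None:
        if token.lower() in PLACEHOLDERS:
            findings.append("admin_token is a literal placeholder")
        elif len(token) < MIN_TOKEN_LEN:
            findings.append("admin_token is shorter than 20 characters")
    if "connection" in s:
        url = urlsplit(s["connection"])
        if url.password and url.password == url.username:
            findings.append("database password equals database user name")
    if s.get("admin_password") and s.get("admin_password") == s.get("admin_user"):
        findings.append("service password equals service user name")
    return findings


if __name__ == "__main__":
    for name, text in (("keystone.conf", KEYSTONE_CONF), ("nova auth", NOVA_AUTH)):
        for finding in audit(text):
            print(f"{name}: {finding}")
```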