Installing and Configuring OpenStack in Oracle® Solaris 11.2

Updated: April 2015
 
 

Installing Keystone

The Keystone service should be installed and configured on the Controller node.

How to Install and Configure Keystone

  1. Install the Keystone package.
    controller# pkg install keystone
  2. Modify the Keystone configuration file.

    Uncomment and set the following two parameters in the /etc/keystone/keystone.conf file.

    1. Set the admin_token parameter.

      The admin_token parameter is a “shared secret” between Keystone and other OpenStack services. The value of this parameter can be any string of characters, but this value should not be revealed or distributed. One way to create such a string is to use OpenSSL as shown in the following command:

      controller# openssl rand -hex 10
      random_string

      Use this output value to set the admin_token parameter in the /etc/keystone/keystone.conf file.

      admin_token = random_string
    2. Set the connection parameter.

      The connection parameter is a URI that represents the location of the Keystone database and the kind of database that is used.

      Use the controller-name that was output by the previous getent hosts command to set the connection parameter in the /etc/keystone/keystone.conf file.

      connection = mysql://keystone:keystone@controller-name/keystone
  3. Generate Public Key Infrastructure (PKI) tokens.
    controller# su - keystone -c "keystone-manage pki_setup"
  4. Enable the Keystone SMF service.
    controller# svcadm enable keystone
  5. Populate the Keystone database.

    This step can be done manually or you can use the sample_data.sh script as shown in the following example. Use the controller-name that was output by the previous getent hosts command.

    controller# su - keystone -c "env \
    CONTROLLER_ADMIN_ADDRESS=controller-name \
    CONTROLLER_INTERNAL_ADDRESS=controller-name \
    CONTROLLER_PUBLIC_ADDRESS=controller-name \
    /usr/demo/openstack/keystone/sample_data.sh"

    The sample_data.sh script supports environment variables that define the node where each API service resides and the password for each service. Review the script for more information about parameters that can be set from the environment. By default, a Keystone user is created for each service under the service tenant, with a password that is the same as the user name. For example, a nova user is created with password nova.
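
The following check is an added example, not part of the Oracle procedure or the Keystone package: it audits a keystone.conf for the two parameters set in step 2 (a missing or placeholder admin_token, and a connection URI whose password equals its user name) and for world-readable file permissions. The function names, the 20-character minimum (the length of openssl rand -hex 10 output), treating ADMIN and random_string as placeholders, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit keystone.conf for the settings from step 2.
# Function names, thresholds and messages are assumptions of this example.

# Print the value of the last uncommented "key = value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; print nothing when no issue is found.
audit_keystone_conf() {
    conf=$1
    token=$(conf_get "$conf" admin_token)
    conn=$(conf_get "$conf" connection)

    # admin_token: set, not a placeholder, and at least the 20 hex
    # characters that "openssl rand -hex 10" produces.
    case $token in
        '') echo "admin_token: not set (missing or still commented out)" ;;
        ADMIN|random_string) echo "admin_token: placeholder value in use" ;;
        *) [ "${#token}" -ge 20 ] || echo "admin_token: shorter than 20 characters" ;;
    esac

    # connection: only URIs of the form scheme://user:password@host/db are
    # checked; flag a password that is identical to the user name.
    case $conn in
        *://*:*@*)
            creds=${conn#*://}; creds=${creds%%@*}
            [ "${creds%%:*}" != "${creds#*:}" ] ||
                echo "connection: database password equals user name '${creds%%:*}'"
            ;;
    esac

    # The file holds both secrets, so "other" must have no read bit.
    [ "$(ls -l "$conf" | cut -c8)" = "-" ] || echo "permissions: $conf is world-readable"
}

# Constructed sample using the literal values shown on this page
# (section headers omitted; the audit ignores them).
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin_token = random_string
connection = mysql://keystone:keystone@controller-name/keystone
EOF
chmod 644 "$sample"
audit_keystone_conf "$sample"
rm -f "$sample"
```

Run against the constructed sample, the audit reports the placeholder token, the keystone:keystone database credentials, and the world-readable mode; a file with a generated token, a distinct database password, and mode 600 produces no output.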