path: root/security/py-keystone/files/pkg-message.in
================================================================================

==================
 1. Prerequisites
==================

On the system where Keystone will run:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- An httpd service, e.g. apache, in conjunction with mod_wsgi or
  mod_proxy_uwsgi, is required to make Keystone available.
- Please have a look in %%EXAMPLESDIR%%/httpd
  for some example configurations.

On the system that will be used to manage the Keystone service:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- create a normal (non-root) user
- install the OpenStack client (net/py-python-openstackclient)

===================================
 2. Configure the Keystone service
===================================

Edit %%PREFIX%%/etc/keystone/keystone.conf .

Database access:
~~~~~~~~~~~~~~~~

In the [database] section, set the location of the database. Make sure that
you use an absolute path; otherwise Keystone won't work properly.

[database]
# ...
connection = sqlite:////var/lib/keystone/keystone.db

Token provider:
~~~~~~~~~~~~~~~

In the [token] section, configure the Fernet token provider:

[token]
# ...
provider = fernet

===========================================
 3. Populate the Identity service database
===========================================

# su -m keystone -c "keystone-manage db_sync"

=======================================
 4. Initialize Fernet key repositories
=======================================

By default, the key repositories are placed in the directories below. They hold
secret key material and should be readable only by the keystone user:

- %%PREFIX%%/etc/keystone/credential-keys/
- %%PREFIX%%/etc/keystone/fernet-keys/

# keystone-manage fernet_setup --keystone-user keystone \
  --keystone-group keystone

# keystone-manage credential_setup --keystone-user keystone \
  --keystone-group keystone

===================================
 5. Bootstrap the Identity service
===================================

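Replace ADMIN_PASS with a strong password and HOSTNAME with the name of this
host. A password passed with --bootstrap-password is visible in the process
list and the shell history; if the option is omitted, keystone-manage reads the
password from the OS_BOOTSTRAP_PASSWORD environment variable instead. The
example URLs use plain http; use https URLs if the web server is set up for TLS.

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://HOSTNAME:35357/v3/ \
  --bootstrap-internal-url http://HOSTNAME:5000/v3/ \
  --bootstrap-public-url http://HOSTNAME:5000/v3/ \
  --bootstrap-region-id RegionOne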

=============================
 6. Configure the web server
=============================

Refer to the example configuration files in
%%EXAMPLESDIR%%/httpd

=============================
 7. Configure the admin user
=============================

Log in as the user who will perform the administrative tasks and set the
environment variables listed below (ADMIN_PASS is the password chosen in
step 5):

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://HOSTNAME:35357/v3
$ export OS_IDENTITY_API_VERSION=3

===============================================
 8. Create a domain, projects, users and roles
===============================================

$ openstack domain create --description "An Example Domain" example

$ openstack project create --domain default \
	--description "Service project" service

$ openstack project create --domain default \
	--description "Demo Project" demo

$ openstack user create --domain default \
	--password-prompt demo

=====================
 9. Verify operation
=====================

$ unset OS_AUTH_URL OS_PASSWORD

$ openstack --os-auth-url http://HOSTNAME:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

$ openstack --os-auth-url http://HOSTNAME:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue

================================================================================