3 # Basic keystone setup as described on:
4 # https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
5 # https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html
7 # Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB
9 # Once this script completes you should be able to query keystone with something like the
10 # following (https://docs.openstack.org/keystone/latest/api_curl_examples.html)
13 # -H "Content-Type: application/json" \
17 # "methods": ["password"],
20 # "name": "%ADMIN_USER%",
21 # "domain": { "id": "default" },
22 # "password": "%ADMIN_PASSWORD%"
28 # "http://localhost:5000/v3/auth/tokens" ; echo
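# Substitutions are set up in do_install(): each placeholder below is replaced
# with a site-specific value before this script runs.
# NOTE(review): after substitution this file holds the admin password in clear
# text, so it should be readable by root only. The placeholders are unquoted;
# a substituted value containing whitespace or shell metacharacters would
# break (or alter) these assignments -- confirm the values are constrained.
KEYSTONE_USER=%KEYSTONE_USER%
KEYSTONE_GROUP=%KEYSTONE_GROUP%
CONTROLLER_IP=%CONTROLLER_IP%
ADMIN_USER=%ADMIN_USER%
ADMIN_PASSWORD=%ADMIN_PASSWORD%
ADMIN_ROLE=%ADMIN_ROLE%

# Create the keystone DB and grant the necessary permissions.
# stderr is discarded on both statements, presumably so that a re-run against
# an existing database stays quiet; the side effect is that a failed GRANT is
# also silent and only shows up later as a db_sync error.
sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null
# NOTE(review): DB_USER is not assigned in the visible part of this script;
# confirm it is provided by a substitution or the environment.
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null

# Populate the identity service schema.
keystone-manage db_sync

# Initialise the Fernet token key repository and the credential encryption
# keys, owned by the keystone service account. Expansions are quoted so that
# an empty or space-containing value cannot shift the following arguments.
keystone-manage fernet_setup \
    --keystone-user "${KEYSTONE_USER}" \
    --keystone-group "${KEYSTONE_GROUP}"
keystone-manage credential_setup \
    --keystone-user "${KEYSTONE_USER}" \
    --keystone-group "${KEYSTONE_GROUP}"

# Create the initial admin user, project, role and identity endpoints.
# The password is handed over through OS_BOOTSTRAP_PASSWORD (which
# keystone-manage bootstrap reads) rather than --bootstrap-password, so it
# does not appear in the process argument list visible to other local users.
# NOTE(review): all three endpoints are registered as plain http, so passwords
# and tokens sent to them are not encrypted in transit; register https URLs
# where TLS is terminated in front of keystone.
OS_BOOTSTRAP_PASSWORD="${ADMIN_PASSWORD}" keystone-manage bootstrap \
    --bootstrap-username "${ADMIN_USER}" \
    --bootstrap-project-name admin \
    --bootstrap-role-name "${ADMIN_ROLE}" \
    --bootstrap-service-name keystone \
    --bootstrap-region-id RegionOne \
    --bootstrap-admin-url "http://${CONTROLLER_IP}:35357" \
    --bootstrap-internal-url "http://${CONTROLLER_IP}:5000" \
    --bootstrap-public-url "http://${CONTROLLER_IP}:5000"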
60 #keystone-manage pki_setup --keystone-user=root --keystone-group=daemon