O'Reilly logo

Production Ready OpenStack - Recipes for Successful Environments by Arthur Berezin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Generating and configuring tokens PKIs

Keystone uses cryptographically signed tokens with a private key and is matched against x509 certificate with a public key. Chapter 4, Keystone Identity Service discusses more advanced configurations. In this chapter, we use keystone-manage pki_setup command to generate PKI key pairs and to configure Keystone to use it.

How to do it…

Proceed with the following steps:

  1. Generate PKI keys using keystone-manage pki_setup command:
    [root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    

    Note

    In keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when openstack-keystone package was installed.

  2. Change ownership of the generated PKI files: ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required