kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/py-keystone/files/pkg-message.in
Mathieu Arnold bc89cd3d2c Convert to UCL & cleanup pkg-message (categories s)
2019-08-14 12:16:12 +00:00

128 lines
3.5 KiB
Text
Raw Blame History

[
{ type: install
message: <<EOM
==================
1. Prerequisites
==================
On the system where Keystone will run:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- a httpd service, e.g. apache, in conjunction with mod_wsgi or
mod_proxy_uswgi is required to make Keystone available.
- Please have a look in %%EXAMPLESDIR%%/httpd
for some example configurations.
On the system that will be used to manage the Keystone service:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- create an normal user
- install the OpenStack client (net/py-python-openstackclient)
===================================
2. Configure the Keystone service
===================================
Edit %%PREFIX%%/etc/keystone/keystone.conf .
Database access:
~~~~~~~~~~~~~~~~
In the [database] section, set the location for the database. Please make sure,
that you use an absolute path otherwise Keystone won't work properly.
[database]
# ...
connection = sqlite:////var/lib/keystone/keystone.db
Token provider:
~~~~~~~~~~~~~~~
In the [token] section, configure the Fernet token provider:
[token]
# ...
provider = fernet
===========================================
3. Populate the Identity service database
===========================================
# su -m keystone -c "keystone-manage db_sync"
=======================================
4. Initialize Fernet key repositories
=======================================
The key repositories will be placed by default in:
- %%PREFIX%%/etc/keystone/credential-keys/
- %%PREFIX%%/etc/keystone/fernet-keys/
# keystone-manage fernet_setup --keystone-user keystone \
--keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone \
--keystone-group keystone
===================================
5. Bootstrap the Identity service
===================================
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://HOSTNAME:35357/v3/ \
--bootstrap-internal-url http://HOSTNAME:5000/v3/ \
--bootstrap-public-url http://HOSTNAME:5000/v3/ \
--bootstrap-region-id RegionOne
=============================
6. Configure the web server
=============================
Refer to the example configuration files in
%%EXAMPLESDIR%%/httpd
=============================
7. Configure the admin user
=============================
Login with the user that should be used for the administrative tasks and set the
environment variables as listed below:
$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://HOSTNAME:35357/v3
$ export OS_IDENTITY_API_VERSION=3
===============================================
8. Create a domain, projects, users and roles
===============================================
$ openstack domain create --description "An Example Domain" example
$ openstack project create --domain default \
--description "Service project" service
$ openstack project create --domain default \
--description "Demo Project" demo
$ openstack user create --domain default \
--password-prompt demo
=====================
9. Verify operation
=====================
$ unset OS_AUTH_URL OS_PASSWORD
$ openstack --os-auth-url http://HOSTNAME:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
$ openstack --os-auth-url http://HOSTNAME:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
EOM
}
]
Reference in a new issue View git blame Copy permalink