
How to add more Keystone instances and deal with PKI infrastructure?

asked 2013-10-22 02:30:49 -0500

Bart van den Heuvel

updated 2013-10-25 16:50:13 -0500

smaffulli

How do people go about installing additional Keystone nodes when it comes to the PKI infrastructure? Do you run keystone-manage pki_setup on each node (the additional nodes as well), or is there some of the SSL infrastructure to re-use?

Running 'keystone-manage pki_setup' on each node seems to work. Is there a better way to do it? Is there any documentation?


1 answer


answered 2015-04-06 08:11:14 -0500

updated 2015-04-06 08:35:19 -0500

You'll need to copy over the certificates and manually install them in the right location. Then edit the keystone.conf file in the additional nodes to point it to the right cert and key.

# Path of the certfile for token signing. (string value)

# Path of the keyfile for token signing. (string value)

# Path of the CA for token signing. (string value)

# Path of the CA Key for token signing. (string value)

# Key Size (in bits) for token signing cert (auto generated
# certificate). (integer value)

Btw, pki_setup is just for evaluation purposes. In the real world, you'll use a proper TLS cert from a CA or after September 2015,

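A check for the copy step described in the answer above, added here as an example that is not part of the original post or of Keystone: it hashes the files each node's keystone.conf points to and reports any node whose signing material differs from the first node's, or whose key file is accessible beyond its owner. The option names certfile, keyfile and ca_certs in a [signing] section are assumptions (the page shows only their comments), and the three nodes are constructed from placeholder bytes.

```python
import configparser
import hashlib
import tempfile
from pathlib import Path

SIGNING_OPTIONS = ("certfile", "keyfile", "ca_certs")  # assumed option names

def inspect_node(conf_path):
    """Return {option: (sha256 hex, permission bits)} for one node's config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(conf_path)
    out = dict.fromkeys(SIGNING_OPTIONS)  # None = unset or file missing
    for opt in SIGNING_OPTIONS:
        path = cfg.get("signing", opt, fallback=None)
        if path and Path(path).is_file():
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            out[opt] = (digest, Path(path).stat().st_mode & 0o777)
    return out

def findings(reference, node):
    """Problems on `node` relative to the reference node's signing material."""
    problems = []
    for opt in SIGNING_OPTIONS:
        if node[opt] is None:
            problems.append(f"{opt}: unset or file missing")
        elif reference[opt] is None or node[opt][0] != reference[opt][0]:
            problems.append(f"{opt}: differs from reference node")
    if node["keyfile"] and node["keyfile"][1] & 0o077:
        problems.append("keyfile: accessible to group or other")
    return problems

def make_node(root, name, tag, key_mode=0o600):
    """Constructed sample node: placeholder bytes, not real key material."""
    conf = ["[signing]"]
    for opt in SIGNING_OPTIONS:
        path = Path(root, f"{name}-{opt}.pem")
        path.write_bytes(f"constructed {tag} {opt}".encode())
        path.chmod(key_mode if opt == "keyfile" else 0o644)
        conf.append(f"{opt} = {path}")
    conf_path = Path(root, f"{name}-keystone.conf")
    conf_path.write_text("\n".join(conf) + "\n")
    return conf_path

def demo():
    """node2 holds copies of node1's files; node3 generated its own."""
    with tempfile.TemporaryDirectory() as root:
        ref = inspect_node(make_node(root, "node1", "shared"))
        copied = inspect_node(make_node(root, "node2", "shared"))
        regen = inspect_node(make_node(root, "node3", "own", key_mode=0o644))
        return findings(ref, copied), findings(ref, regen)
```

An option left commented out in keystone.conf is reported as unset, because the script reads only explicit values and does not know Keystone's built-in defaults.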



Asked: 2013-10-22 02:30:49 -0500

Seen: 365 times

Last updated: Apr 06 '15