Why Keystone uses PKI tokens Error

[database]
connection = mysql://keystone:kxxxxx@controller/keystone



MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.16 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ 
    ->   IDENTIFIED BY 'kxxxxx';
Query OK, 0 rows affected (0.16 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'kxxxxx';
Query OK, 0 rows affected (0.01 sec)



controller:~ # echo $ADMIN_TOKEN
7da8b62713ec9296eb38
controller:~ # openstack-config --set /etc/keystone/keystone.conf DEFAULT \
> >    admin_token $ADMIN_TOKEN
controller:~ #  ADMIN_TOKEN=$(openssl rand 10|hexdump  -e '1/1 "%.2x"')
controller:~ #  keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
2015-08-18 10:32:37.142 2913 WARNING keystone.cli [-] keystone-manage pki_setup is not recommended for production use.
The following cert files already exist, use --rebuild to remove the existing files before regenerating:
/etc/keystone/ssl/private/cakey.pem already exists
/etc/keystone/ssl/certs/ca.pem already exists
/etc/keystone/ssl/private/signing_key.pem already exists
/etc/keystone/ssl/certs/signing_cert.pem already exists