Generating and configuring tokens PKIs

Keystone uses cryptographically signed tokens with a private key and are matched against x509 certificate with public key. Chatper 5, Glance Image Service discusses advanced configurations. In this recipe, we will use keystone-manage pki_setup command to generate PKI key pairs and configure Keystone to use it.

How to do it…

Proceed with the following steps:

Generate PKI keys using the keystone-manage pki_setup command:
```
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
```
Note
In keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when openstack-keystone packaged was installed.
Change the ownership of the generated PKI files: ...

Get Production Ready OpenStack - Recipes for Successful Environments now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Production Ready OpenStack - Recipes for Successful Environments by Arthur Berezin

Generating and configuring tokens PKIs

How to do it…

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly