Generating and configuring tokens PKIs

Keystone uses cryptographically signed tokens with a private key and are matched against x509 certificate with public key. Chatper 5, Glance Image Service discusses advanced configurations. In this recipe, we will use keystone-manage pki_setup command to generate PKI key pairs and configure Keystone to use it.

How to do it…

Proceed with the following steps:

  1. Generate PKI keys using the keystone-manage pki_setup command:
    [root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    

    Note

    In keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when openstack-keystone packaged was installed.

  2. Change the ownership of the generated PKI files: ...

Get Production Ready OpenStack - Recipes for Successful Environments now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.