This repo is used to host a bunldle to create a docker container (based on Python 2.7.12) running Keystone.

Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API.

• Running Keystone with http (default) or https (by passing -e TLS_ENABLED=true, see more in Environment Variables Explanations) enabled;
• Uses the Apache Web Server with mod_wsgi to serve Identity service requests on port 5000 and 35357;
• Supports remote mysql database;
• Utilizes Memcached to store tokens, reducing the burden of MySQL database;
• Customizes/Builds your own Keystone docker image by editing the value of KEYSTONE_VERSION in Dockerfile;

• just pull it from Dockerhub

  $ docker pull stephenhsu/keystone

• Build your own Keystone version using Dockerfile

  You can find more Keystone release version.

  $ git clone https://github.com/dixudx/keystone-docker
  $ cd keystone-docker
  $ # edit the value of KEYSTONE_VERSION to your favorite Keystone
  $ # release version
  $ vim Dockerfile
  $ docker build -t keystone:your_version ./

  WARNING: Pay attention to the dependencies. You may need to specify dependency versions explicitly.

Just run

$ docker run -d -p 5000:5000 -p 35357:35357 --name my_keystone stephenhsu/keystone

Now you can access http://localhost:5000 and http://localhost:35357.

After the container is up,

$ docker exec -it my_keystone bash
$ # Inside the container
root@26bd2b8a8a60 /root # source openrc
root@26bd2b8a8a60 /root # openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 609170cf45f64de68c4815c1f6e337b2 | admin |
+----------------------------------+-------+

Note: You can also copy the /root/openrc to your other servers. After replacing OS_AUTH_URL to the corresponding url, you can access the keystone service from other servers after sourcing it.

If you've enabled TLS_ENABLED (with -e TLS_ENABLED=true), below environment variables have to be noticed. You can just ignore them if you don't want to make any further customizations.

Note: Be aware of CN (the default value is $hostname). You'd better not change it to other value.

$ docker run -d -p 5000:5000 -p 35357:35357 -e TLS_ENABLED=true \
    -h mykeystone.com --name my_keystone_tls stephenhsu/keystone

$ docker run -d -p 5000:5000 -p 35357:35357 -e KEYSTONE_DB_HOST=192.168.100.202 \
    -e KEYSTONE_DB_ROOT_PASSWD_IF_REMOTED=your_password \
    -h mykeystone.com --name my_keystone_db stephenhsu/keystone

$ mkdir -p ./apache/
$ docker run -d -p 5000:5000 -p 35357:35357 -v `pwd`/apache/:/etc/apache2 \
    -h mykeystone.com --name my_keystone_ca stephenhsu/keystone

$ git clone https://github.com/dixudx/keystone-docker.git
$ cd keystone-docker
# then modify all related configurations in folder ./etc
# especially ./etc/keystone.conf
$ docker run -d -p 5000:5000 -p 35357:35357 -v `pwd`/etc/:/etc/keystone/ \
    -h mykeystone.com --name my_keystone_ca stephenhsu/keystone

You can copy /root/openrc in your container to your host server, and replace OS_CACERT to this $pwd/apache/ssl/apache.crt (replace $pwd with your real directory path). So that you access the keystone services using openstack python client ( pip install python-openstackclient ) from outer of the the container.

Note: On your host server, you may also need to add mykeystone.com to /etc/hosts.

• Keystone, the OpenStack Identity Service
• Installing Keystone