Why keystone service is not running in packstack installation ?

Today, I noticed that my keystone service is not running in default packstack installation.

[root@allinone ~(keystone_admin)]# openstack-status service | grep -i keystone
== Keystone service ==
openstack-keystone:                     inactive  (disabled on boot)

I started searching about it, and found that keystone is moved the Apache HTTPD.

Most important reason which I found is, with simple keystone if you are integrating it with LDAP, you are still sending the UN-encrypted passwords over the wire.

But if you are running keystone inside Apache HTTPD you can take the benefits of all the authentication options of apache while integrating it with LDAP.

Below is the configuration setting in answer.txt file which decide whether you want to run keystone under apache or not. By default it’s apache you can change it to keystone if you want to do that.

# Name of service to use to run the Identity service (keystone,
# httpd).
CONFIG_KEYSTONE_SERVICE_NAME=httpd

With running it under apache all the authentication is happening at the apache level and keystone is only responsible for authorization which is the real task for which keystone is designed.

Advertisements

3 thoughts on “Why keystone service is not running in packstack installation ?

    1. Vikrant Post author

      This is not an issue, by default keystone service run under http in openstack packstack installation which is expected. Are you hitting any other issue ?

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s