8 Questions about OpenStack Identity Service (Keystone)

I’m studying for the Mirantis OpenStack Cloud Certification exam.  There’s no official training material for Keystone yet (that I can find), so I’m writing my own questions based on what I’ve read.
OpenStack Identity Services (Keystone) – image from allthingsopen.com


1. How do you create a tenant?
  • keystone tenant-create –name
  1. Where is the primary Keystone configuration file and what is it called?
  • /etc/keystone.conf
  1. Where is the PasteDeploy config file for Keystone and what is it’s name?
  • /etc/keystone-paste.ini
  1. What port does Keystone start a service on, by default?
  • 35357
  1. How do you start Keystone services under Eventlet?
  • keystone-all
  1. How do you initialize a new, empty Keystone database?
  • keystone-manage db_sync
  1. With a SQL backend, how do you remove expired Keystone tokens?
  • keystone-manage token_flush
  1. With a memcache backend, how do you remove expired Keystone tokens?
  • You don’t.  The memcache backend automatically discards expired tokens and so flushing is unnecessary and if attempted will fail with a NotImplemented error.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s