How hard is it to get Keystone working on FreeBSD?

This post originally appeared on the Aptira Blog. Sina is the Director of Cloud Operations at Aptira. You should follow him on Twitter.

Late last night I was caught with a flash of inspiration and wondered to myself how hard it would be to get OpenStack working on FreeBSD if Oracle could do it with OpenSolaris.

Over the coming months (whenever I get some free time) I’m going to try and see how far I can proceed in running the various OpenStack services on FreeBSD. I imagine most of the “control plane” components will be relatively painless to get going and I might even have a go at writing a nova-compute driver for FreeBSD Jails based on the OpenSolaris Zones work or perhaps the nova-docker or LXC drivers and see if something similar can be done for OpenStack Networking (or nova-network if necessary).

But for today let’s start at the easy end of the scale and see what it takes to get the OpenStack Identity (Keystone) service running on FreeBSD!

First up I will add a FreeBSD 10 VirtualBox box to Vagrant (I tried a few on vagrantcloud.com and this seemed the best one). If you’re not familiar with Vagrant, I definitely recommend checking out the documentation, as it’s a great tool:

$ vagrant box add hfm4/freebsd-10.0

and produce a simple Vagrantfile for it:

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 config.vm.define "bsdstack" do |bsdstack|
    bsdstack.vm.box = "hfm4/freebsd-10.0"
    bsdstack.vm.hostname = "bsdstack.testbed.aptira.com"
    bsdstack.vm.provider "virtualbox" do |v|
     v.customize ['modifyvm', :id ,'--memory','2048']
    end
 end
end

After a quick

$ vagrant up

to bring up my FreeBSD10 virtual machine and then

$ vagrant ssh
$ sudo -i

to log in to it and switch to root, my testbed environment is ready!

Now, before we continue any further, I will stress that what I’m implementing here is a proof of concept, so security is not really a consideration. Keep that in mind if you ever decide to attempt this yourself on any internet-connected server.

Installing the python, git and wget packages:

# pkg install python git wget

Installing pypi pip:

# wget https://bootstrap.pypa.io/get-pip.py
# python get-pip.py

Installing libxslt:

# pkg install libxslt

I generally use MariaDB for my backend these days, so let’s install and start that too and create a database called keystone. Then we can get into the configuration steps:

# pkg install mariadb55-server mariadb55-client
# echo 'mysql_enable="YES"' >> /etc/rc.conf
# service mysql-server start
# mysql -u root -e "CREATE DATABASE keystone;"

Clone the keystone git repository and install it with setup.py:

# git clone https://github.com/openstack/keystone.git
# cd keystone/
# python setup.py install

We will also need a couple of PyPI packages not installed by the above process:

# pip install pbr
# pip install MySQL-python

And with those simple steps, Keystone is installed and ready to use! That was pretty painless!

The next step is to copy the sample keystone config to /etc/keystone, rename and configure (these commands assume being run from inside the cloned git repository):

# cp -r etc/ /etc/keystone
# cd /etc/keystone
# mv keystone.conf.sample keystone.conf
# mv logging.conf.sample logging.conf

Edit the keystone.conf file with your favorite editor. The following changes, each under its own section, are all that’s really required:

[DEFAULT]
admin_token=ADMIN
[database]
connection=mysql://root@localhost/keystone
[token]
provider=keystone.token.providers.uuid.Provider
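
Because these are proof-of-concept values, a small check like the one below can flag them before a config like this ends up on a networked host. This is an added example, not code from the original post or from the Keystone project. The function name, the sample text and the 32-character minimum are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the proof-of-concept values used in this post.
SAMPLE_CONF = """\
[DEFAULT]
admin_token=ADMIN

[database]
connection=mysql://root@localhost/keystone

[token]
provider=keystone.token.providers.uuid.Provider
"""

MIN_TOKEN_LEN = 32  # assumption: anything shorter is treated as guessable


def audit_keystone_conf(text):
    """Return (option, problem) findings for weak settings in keystone.conf text."""
    cp = configparser.RawConfigParser()  # Raw: no '%' interpolation of values
    cp.read_string(text)
    findings = []

    # The admin token bypasses normal authentication, so it must not be guessable.
    token = cp.get("DEFAULT", "admin_token", fallback=None)
    if token is not None and len(token) < MIN_TOKEN_LEN:
        findings.append(("admin_token", "short or guessable bootstrap token"))

    # The service should use its own database account, with a password.
    conn = cp.get("database", "connection", fallback=None)
    if conn:
        url = urlsplit(conn)
        if url.username == "root":
            findings.append(("connection", "service connects as database root"))
        if not url.password:
            findings.append(("connection", "database account has no password"))
    return findings


if __name__ == "__main__":
    for option, problem in audit_keystone_conf(SAMPLE_CONF):
        print(f"{option}: {problem}")
```
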

Now we can do a database sync and start keystone:

# /usr/local/bin/keystone-manage db_sync
# /usr/local/bin/keystone-all &

If we have done everything correctly we should be able to authenticate against the service endpoint of keystone with the admin token and make a call to verify it worked (note there will be no output, just a blank line).

# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ user-list

Next, let’s set up an admin tenant/user, an admin role, service and endpoints:

# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ tenant-create --name=admin
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ user-create --name=admin --tenant=admin
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ user-password-update --pass=test123 admin
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ role-create --name=admin
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ user-role-add --user=admin --tenant=admin --role=admin
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ service-create --name=identity --type=identity
# /usr/local/bin/keystone --os-token ADMIN --os-endpoint http://localhost:35357/v2.0/ endpoint-create --service=identity --publicurl=http://localhost:5000/v2.0 --internalurl=http://localhost:5000/v2.0 --adminurl=http://localhost:35357/v2.0

Once that is done we can test the new user we created and see whether everything is working:

# /usr/local/bin/keystone --os-tenant-name admin --os-username admin --os-password test123 --os-auth-url http://localhost:5000/v2.0 user-list
# /usr/local/bin/keystone --os-tenant-name admin --os-username admin --os-password test123 --os-auth-url http://localhost:5000/v2.0 tenant-list
# /usr/local/bin/keystone --os-tenant-name admin --os-username admin --os-password test123 --os-auth-url http://localhost:5000/v2.0 user-role-list --user=admin --tenant=admin
# /usr/local/bin/keystone --os-tenant-name admin --os-username admin --os-password test123 --os-auth-url http://localhost:5000/v2.0 endpoint-list
# /usr/local/bin/keystone --os-tenant-name admin --os-username admin --os-password test123 --os-auth-url http://localhost:5000/v2.0 service-list

And there we go! OpenStack Identity running on FreeBSD!

Join us next time when we will try to set up the OpenStack Image (Glance) service on FreeBSD.

Image credit: ahockley