Keystone Snap

This repository contains the source code of the snap for the OpenStack Identity service, Keystone.

Installing this snap

The keystone snap can be installed directly from the snap store:

sudo snap install [--edge] keystone

Configuring Keystone

Snaps run in an AppArmor and seccomp confined profile, so don't read configuration from /etc/keystone on the hosting operating system install.

This snap supports configuration via the $SNAP_COMMON writable area for the snap:

etc
├── keystone
│   ├── keystone.conf
└── keystone.conf.d
    ├── database.conf
    ├── keystone-snap.conf
    └── keystone.conf

The keystone applications can be configured in a few ways.

Firstly the WSGI daemon will detect and read etc/keystone/keystone.conf if it exists so you can just place all configuration in the file for each daemon.

Alternatively the WSGI daemon will load all configuration files from etc/keystone.conf.d - in the above example, database and keystone authtoken configuration is shared across both daemons using configuration snippets in separate files in etc/keystone.conf.d.

For reference, $SNAP_COMMON is typically located under /var/snap/keystone/common.

Managing Keystone

Currently all snap binaries must be run as root; for example, to run the keystone-manage binary use:

sudo keystone.manage

Restarting Keystone services

To restart all keystone services:

sudo systemctl restart snap.keystone.*

or use the individual service:

sudo systemctl restart snap.keystone.api

Building the Keystone snap

Simply clone this repository and then install and run snapcraft:

git clone https://github.com/openstack-snaps/snap-keystone
sudo apt install snapcraft
cd keystone
snapcraft

Support

Please report any bugs related to this snap on Launchpad.

Alternatively you can find the OpenStack Snap team in #openstack-snaps on Freenode IRC.