OpenStack Keystone, as a powerful identity authentication service, provides essential support for cloud computing platforms. Combined with Docker, Keystone can achieve fast environment cloning and deployment, greatly simplifying cloud service management. This article will introduce how to use Docker and Keystone to build an efficient and convenient cloud service environment.

The Role and Importance of Keystone

Keystone is one of the core components of OpenStack, responsible for identity authentication services, including authentication, token generation, service catalog, and policy management. Its multi-tenancy support enables OpenStack projects to achieve resource isolation and management, making it an indispensable part of cloud service deployment.

Quick Deployment of Keystone Using Docker

The emergence of Docker has provided great convenience for application deployment and management. Through Docker containers, we can package applications and their dependencies together to achieve fast migration and consistent deployment. For Keystone, using Docker allows for one-click deployment, greatly simplifying the installation process.


Before getting started, make sure that Docker is installed on your system. Whether using apt-get to install on Ubuntu or yum on CentOS, the installation process for Docker is straightforward:

sudo apt-get install docker.io # Ubuntu (the Docker engine package is named docker.io)
sudo yum install docker # CentOS

Starting the Keystone Container

You can start the Keystone container with a simple command:

docker run -d -p 5000:5000 -p 35357:35357 tobegit3hub/keystone_docker

Ports 5000 and 35357 inside the container are mapped to the same ports on the local machine, with 5000 being Keystone's public API port and 35357 the admin API port. Docker publishes these ports on all host interfaces unless the -p option is given a host address, so on a shared or internet-facing machine the admin API is reachable from the network as well.

Once deployed, you can confirm that the Keystone service is running by accessing local ports 5000 and 35357.

Keystone Command-Line Tools

Keystone provides a rich set of command-line tools that can be directly used through the Docker container without the need to install the client locally.

Executing Commands Using the Keystone Container

First, enter the Keystone Docker container environment:

docker run -i -t --net=host tobegit3hub/keystone_docker bash

Then use the Keystone command-line tools. For example, create a new user (user-create) and list all users (user-list):

source openrc
keystone user-create --name=admin --pass=ADMIN_PASS
keystone user-list

Accessing Keystone via API

The Keystone API can also be accessed via the command line. For example, using the curl command to obtain an authentication token:

curl -i -H "Content-Type: application/json" -d '
{
  "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "ADMIN_PASS"
        }
      }
    }
  }
}' http://localhost:5000/v3/auth/tokens; echo
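
The same token request as a small script, added here as an example and not taken from the original article or the image's own tooling: it sends the request body to curl on stdin so the password is not part of the curl command line, and it reads the token from the X-Subject-Token response header, which is where Keystone v3 returns it. The environment variable names OS_USERNAME, OS_PASSWORD and KEYSTONE_URL are assumptions, and the sample response is constructed.

```shell
#!/bin/sh
# Added example, not from the article. Assumed names: OS_USERNAME,
# OS_PASSWORD and KEYSTONE_URL environment variables.

# Escape backslash and double quote for use inside a JSON string.
# Assumes the value contains no control characters.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the v3 password-auth body from the article's curl call.
build_auth_body() {
  printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"id":"default"},"password":"%s"}}}}}\n' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Keystone v3 returns the token in the X-Subject-Token response header.
# Header names are case-insensitive and header lines end in CRLF.
extract_subject_token() {
  tr -d '\r' | awk '!found && tolower($0) ~ /^x-subject-token:/ {
    sub(/^[^:]*:[ \t]*/, ""); print; found = 1 }'
}

# Live call: the body reaches curl on stdin (-d @-), so the password is
# not visible in the process list as a curl argument.
get_token() {
  : "${OS_USERNAME:?must be set}" "${OS_PASSWORD:?must be set}"
  build_auth_body "$OS_USERNAME" "$OS_PASSWORD" |
    curl -sS -i -H "Content-Type: application/json" -d @- \
      "${KEYSTONE_URL:-http://localhost:5000}/v3/auth/tokens" |
    extract_subject_token
}

# Constructed sample response (not captured from a real server).
sample_response() {
  printf 'HTTP/1.1 201 Created\r\nContent-Type: application/json\r\n'
  printf 'x-subject-token: SAMPLE-TOKEN-VALUE\r\n\r\n{"token":{}}\r\n'
}

# Offline demonstration of the header parsing.
sample_response | extract_subject_token
```

With a running Keystone container, export the three variables and call get_token to print the token.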

Optimizing the Use of Keystone

To make full use of OpenStack Keystone, consider the following optimizations:

  • Automation Scripts: Write automation scripts to handle the creation of users and services in batches, improving work efficiency.
  • Container Orchestration: When the deployment scale expands, use Docker Compose or Kubernetes for container orchestration to maintain high availability of services.
  • Security: Regularly update Docker images to patch security vulnerabilities and ensure the use of encrypted connections and strong password policies.