{"id":36721,"date":"2025-01-20T12:50:16","date_gmt":"2025-01-20T11:50:16","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=36721"},"modified":"2025-01-21T15:17:11","modified_gmt":"2025-01-21T14:17:11","slug":"creating-your-private-cloud-using-openstack-3-keystone-the-identity-service","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/","title":{"rendered":"Creating your private cloud using OpenStack &#8211; (3) &#8211; Keystone, the Identity Service"},"content":{"rendered":"\n<p>By the end of the <a href=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-2-preparing-the-nodes\/\" target=\"_blank\" rel=\"noreferrer noopener\">last post<\/a>, we finished with preparing the controller and compute node for being ready to deploy the first OpenStack service: Keystone, the Identity Service. Before we dive into the details lets quickly talk about why we need such a service. In an OpenStack setup there needs to be some form of authentication and service discovery. This is the task of Keystone, and Keystone exposes an API to deal with this.<\/p>\n\n\n\n<p>Keystone is not a single service but a combination of multiple internal services which expose endpoints:<\/p>\n\n\n\n<p><strong>Identity service:<\/strong> Provides authentication credentials for users and groups<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users: Represent an individual API consumer (those are not globally unique, only in their domain)<\/li>\n\n\n\n<li>Groups: A collection of users<\/li>\n\n\n\n<li>Domains: A container for users, projects and groups<\/li>\n<\/ul>\n\n\n\n<p><strong>Assignment Service<\/strong>: Provides data about roles and role assignments<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Roles: The level of authorization the end user can obtain<\/li>\n\n\n\n<li>Role Assignments: A 3-tuple that has a Role, a Resource and an Identity<\/li>\n<\/ul>\n\n\n\n<p><strong>Token Service<\/strong>: Validates and manages tokens used for authenticating requests<\/p>\n\n\n\n<p><strong>Catalog Service<\/strong>: Provides an endpoint registry used for endpoint discovery<\/p>\n\n\n\n<p>To visualize this, it looks like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"983\" height=\"612\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png\" alt=\"\" class=\"wp-image-36726\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png 983w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1-300x187.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1-768x478.png 768w\" sizes=\"auto, (max-width: 983px) 100vw, 983px\" \/><\/figure>\n\n\n\n<p>Now, that we have an overview of Keystone, let&#8217;s start with setting up the service. But before Keystone can be setup, we need a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Message_queue\" target=\"_blank\" rel=\"noreferrer noopener\">message queue<\/a>. The message queue is used by OpenStack to coordinate operations and status information among services. This service is typically installed on the controller node and we&#8217;ll use <a href=\"https:\/\/www.rabbitmq.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">RabbitMQ<\/a> for this. The steps to do that are quite simple:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3,4,5]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ dnf install rabbitmq-server -y\n&#x5B;root@controller ~]$ systemctl enable rabbitmq-server.service\n&#x5B;root@controller ~]$ systemctl start rabbitmq-server.service\n&#x5B;root@controller ~]$ rabbitmqctl add_user openstack admin\n&#x5B;root@controller ~]$ rabbitmqctl set_permissions openstack &quot;.*&quot; &quot;.*&quot; &quot;.*&quot;\n<\/pre><\/div>\n\n\n<p>The second last line creates the &#8220;openstack&#8221; user with the password &#8220;admin&#8221;, and the last line grants all permissions for the &#8220;openstack&#8221; user for the vhost &#8220;\/&#8221;:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n     set_permissions &#x5B;-p vhost] user conf write read\n\n             vhost   The name of the virtual host to which to grant the user access, de\u2010\n                     faulting to &quot;\/&quot;.\n\n             user    The name of the user to grant access to the specified virtual host.\n\n             conf    A regular expression matching resource names for which the user is\n                     granted configure permissions.\n\n             write   A regular expression matching resource names for which the user is\n                     granted write permissions.\n\n             read    A regular expression matching resource names for which the user is\n                     granted read permissions.\n<\/pre><\/div>\n\n\n<p>What we need as well is something to cache the authentication tokens, and this is <a href=\"https:\/\/memcached.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Memcached<\/a>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,4,5]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ dnf install memcached python3-memcached -y\n&#x5B;root@controller ~]$ grep -i options \/etc\/sysconfig\/memcached\nOPTIONS=&quot;-l 192.168.122.90,::1&quot;\n&#x5B;root@controller ~]$ systemctl enable memcached\n&#x5B;root@controller ~]$ systemctl start memcached\n<\/pre><\/div>\n\n\n<p>You need to make Memcached to listen externally, that&#8217;s why the &#8220;OPTIONS&#8221; parameter needs to be adjusted. On top of that we need a distributed configuration store, as OpenStack uses that for distributed key locking, storing configuration, keeping track of service live-ness and other scenarios. For that purpose <a href=\"https:\/\/etcd.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">etcd<\/a> is used (in a production setup this would also be setup as a cluster, to make it highly available. Here, we just use one service on the controller node):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,16,35,36]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ dnf install etcd -y\n&#x5B;root@controller ~]$ cat \/etc\/etcd\/etcd.conf\nname: controller\ndata-dir: \/var\/lib\/etcd\/default.etcd\nmax-wals: 2\nauto-compaction-retention: 5m\nauto-compaction-mode: revision\ninitial-advertise-peer-urls: http:\/\/192.168.122.90:2380\nlisten-peer-urls: http:\/\/192.168.122.90:2380\nlisten-client-urls: http:\/\/192.168.122.90:2379,http:\/\/localhost:2379\nadvertise-client-urls: http:\/\/192.168.122.90:2379\ninitial-cluster: controller=http:\/\/192.168.122.90:2380\ninitial-cluster-token: etcd-cluster-01\ninitial-cluster-state: new\n\n&#x5B;root@controller ~]$ cat \/etc\/systemd\/system\/etcd.service\n&#x5B;Unit]\nDescription=dbi services etcd service\nAfter=network.target\nAfter=network-online.target\nWants=network-online.target\n\n&#x5B;Service]\nUser=etcd\nType=notify\nWorkingDirectory=\/var\/lib\/etcd\/\nExecStart=\/usr\/bin\/etcd --config-file \/etc\/etcd\/etcd.conf\nRestart=always\nRestartSec=10s\nLimitNOFILE=40000\n\n&#x5B;Install]\nWantedBy=multi-user.target\n\n&#x5B;root@controller ~]$ systemctl enable etcd\n&#x5B;root@controller ~]$ systemctl start etcd\n<\/pre><\/div>\n\n\n<p>This makes our current setup look like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"417\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack6-1024x417.png\" alt=\"\" class=\"wp-image-36744\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack6-1024x417.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack6-300x122.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack6-768x313.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack6.png 1238w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Quite a few services already, and we do not even have an OpenStack service running yet.<\/p>\n\n\n\n<p>Keystone is one of the components which needs the database as a backend to store it&#8217;s configuration, so we need to create a user and a database:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,3]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ su - postgres -c &quot;psql -c \\&quot;create user keystone with login password &#039;admin&#039;\\&quot;&quot;\nCREATE ROLE\n&#x5B;root@controller ~]$ su - postgres -c &quot;psql -c &#039;create database keystone with owner=keystone&#039;&quot;\nCREATE DATABASE\n<\/pre><\/div>\n\n\n<p>Now we&#8217;re ready to install the OpenStack client, the http server, and the Python driver for the PostgreSQL backend:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ dnf install openstack-keystone httpd python3-mod_wsgi python3-psycopg2\n<\/pre><\/div>\n\n\n<p>The configuration for Keystone is quite simple for this demo setup (basically the connection to the database to use and the token provider):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@ostack-controller ~]$ egrep &quot;\\@localhost|provider = fernet|backend =&quot; \/etc\/keystone\/keystone.conf | egrep -v &quot;^#&quot;\nbackend = postgresql\nconnection = postgresql+psycopg2:\/\/keystone:admin@localhost\/keystone\nprovider = fernet\n<\/pre><\/div>\n\n\n<p>If configured correctly, the database can be populated:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ \/bin\/sh -c &quot;keystone-manage db_sync&quot; keystone\n2025-01-20 12:17:45.497 24424 INFO alembic.runtime.migration &#x5B;-] Context impl PostgresqlImpl.\n2025-01-20 12:17:45.498 24424 INFO alembic.runtime.migration &#x5B;-] Will assume transactional DDL.\n2025-01-20 12:17:45.524 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade  -&gt; 27e647c0fad4, Initial version.\n2025-01-20 12:17:45.905 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade 27e647c0fad4 -&gt; 29e87d24a316, Initial no-op Yoga expand migration.\n2025-01-20 12:17:45.906 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade 29e87d24a316 -&gt; b4f8b3f584e0, Fix incorrect constraints.\n2025-01-20 12:17:45.910 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade b4f8b3f584e0 -&gt; 11c3b243b4cb, Remove service_provider.relay_state_prefix server default.\n2025-01-20 12:17:45.910 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade 11c3b243b4cb -&gt; 47147121, Add Identity Federation attribute mapping schema version.\n2025-01-20 12:17:45.911 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade 27e647c0fad4 -&gt; e25ffa003242, Initial no-op Yoga contract migration.\n2025-01-20 12:17:45.912 24424 INFO alembic.runtime.migration &#x5B;-] Running upgrade e25ffa003242 -&gt; 99de3849d860, Fix incorrect constraints.\n<\/pre><\/div>\n\n\n<p>Initialize the Fernet key repositories:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,12]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone\n2025-01-20 12:19:38.571 24512 INFO keystone.common.utils &#x5B;-] \/etc\/keystone\/fernet-keys\/ does not appear to exist; attempting to create it\n2025-01-20 12:19:38.571 24512 INFO keystone.common.fernet_utils &#x5B;-] Created a new temporary key: \/etc\/keystone\/fernet-keys\/0.tmp\n2025-01-20 12:19:38.571 24512 INFO keystone.common.fernet_utils &#x5B;-] Become a valid new key: \/etc\/keystone\/fernet-keys\/0\n2025-01-20 12:19:38.571 24512 INFO keystone.common.fernet_utils &#x5B;-] Starting key rotation with 1 key files: &#x5B;&#039;\/etc\/keystone\/fernet-keys\/0&#039;]\n2025-01-20 12:19:38.571 24512 INFO keystone.common.fernet_utils &#x5B;-] Created a new temporary key: \/etc\/keystone\/fernet-keys\/0.tmp\n2025-01-20 12:19:38.571 24512 INFO keystone.common.fernet_utils &#x5B;-] Current primary key is: 0\n2025-01-20 12:19:38.572 24512 INFO keystone.common.fernet_utils &#x5B;-] Next primary key will be: 1\n2025-01-20 12:19:38.572 24512 INFO keystone.common.fernet_utils &#x5B;-] Promoted key 0 to be the primary: 1\n2025-01-20 12:19:38.572 24512 INFO keystone.common.fernet_utils &#x5B;-] Become a valid new key: \/etc\/keystone\/fernet-keys\/0\n\n&#x5B;root@controller ~]$ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone\n2025-01-20 12:20:37.554 24557 INFO keystone.common.utils &#x5B;-] \/etc\/keystone\/credential-keys\/ does not appear to exist; attempting to create it\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Created a new temporary key: \/etc\/keystone\/credential-keys\/0.tmp\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Become a valid new key: \/etc\/keystone\/credential-keys\/0\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Starting key rotation with 1 key files: &#x5B;&#039;\/etc\/keystone\/credential-keys\/0&#039;]\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Created a new temporary key: \/etc\/keystone\/credential-keys\/0.tmp\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Current primary key is: 0\n2025-01-20 12:20:37.554 24557 INFO keystone.common.fernet_utils &#x5B;-] Next primary key will be: 1\n2025-01-20 12:20:37.555 24557 INFO keystone.common.fernet_utils &#x5B;-] Promoted key 0 to be the primary: 1\n2025-01-20 12:20:37.555 24557 INFO keystone.common.fernet_utils &#x5B;-] Become a valid new key: \/etc\/keystone\/credential-keys\/0\n<\/pre><\/div>\n\n\n<p>Bootstrap the identity service:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3,4,5]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ keystone-manage bootstrap --bootstrap-password admin \\\n  --bootstrap-admin-url http:\/\/controller:5000\/v3\/ \\\n  --bootstrap-internal-url http:\/\/controller:5000\/v3\/ \\\n  --bootstrap-public-url http:\/\/controller:5000\/v3\/ \\\n  --bootstrap-region-id RegionOne\n\n2025-01-20 12:22:04.344 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created domain default\n2025-01-20 12:22:04.362 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created project admin\n2025-01-20 12:22:04.372 24637 WARNING keystone.common.password_hashing &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Truncating password to algorithm specific maximum length 72 characters.: keystone.exception.UserNotFound: Could not find user: admin.\n2025-01-20 12:22:04.557 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created user admin\n2025-01-20 12:22:04.562 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created role reader\n2025-01-20 12:22:04.565 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created role member\n2025-01-20 12:22:04.573 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created implied role where 07a25a2a31414277b7ca44513762d417 implies 7440218252584bcc9218dfdb35b26edf\n2025-01-20 12:22:04.577 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created role manager\n2025-01-20 12:22:04.583 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created implied role where 8095ebea194a4a4a80b1bffb5a75449e implies 07a25a2a31414277b7ca44513762d417\n2025-01-20 12:22:04.586 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created role admin\n2025-01-20 12:22:04.590 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created implied role where 778315a577de45ccbbbf9ed553ccd525 implies 8095ebea194a4a4a80b1bffb5a75449e\n2025-01-20 12:22:04.594 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created role service\n2025-01-20 12:22:04.606 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Granted role admin on project admin to user admin.\n2025-01-20 12:22:04.612 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Granted role admin on the system to user admin.\n2025-01-20 12:22:04.617 24637 WARNING py.warnings &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] \/usr\/lib\/python3.9\/site-packages\/pycadf\/identifier.py:71: UserWarning: Invalid uuid: RegionOne. To ensure interoperability, identifiers should be a valid uuid.\n  warnings.warn((&#039;Invalid uuid: %s. To ensure interoperability, &#039;\n2025-01-20 12:22:04.619 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created region RegionOne\n2025-01-20 12:22:04.635 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created public endpoint http:\/\/controller:5000\/v3\/\n2025-01-20 12:22:04.642 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created internal endpoint http:\/\/controller:5000\/v3\/\n2025-01-20 12:22:04.647 24637 INFO keystone.cmd.bootstrap &#x5B;None req-26262c3e-e5c4-426f-9c5d-28c6fff534af - - - - - -] Created admin endpoint http:\/\/controller:5000\/v3\/\n<\/pre><\/div>\n\n\n<p>Configure, enable, and start the Apache web server:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,5,6,7]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ grep ServerName \/etc\/httpd\/conf\/httpd.conf\n# ServerName gives the name and port that the server uses to identify itself.\nServerName contoller:80\n\n&#x5B;root@controller ~]$ ln -s \/usr\/share\/keystone\/wsgi-keystone.conf \/etc\/httpd\/conf.d\/\n&#x5B;root@controller ~]$ systemctl enable httpd.service\n&#x5B;root@controller ~]$ systemctl start httpd.service\n<\/pre><\/div>\n\n\n<p>This is the time to check if we can really obtain an authentication token (using the password &#8220;admin&#8221; we&#8217;ve given above):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ openstack --os-auth-url http:\/\/controller:5000\/v3 \\\n  --os-project-domain-name Default --os-user-domain-name Default \\\n  --os-project-name admin --os-username admin token issue\n\nPassword: \n+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n| Field      | Value                                                                                                                                                             |\n+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n| expires    | 2025-01-20T12:27:21+0000                                                                                                                                          |\n| id         | gAAAAABnjjMZGHCbtGpg6vGrPfc69LKUTljP7rnfZycu9CmUC-qQftBo_r2jhKBo5GoYenm7-yLCE2eAtondTKCxa0FfA0hzxPCzUFS89wSptyHTI-OR-                                             |\n|            | ayeldbMYrubT0G7snPAcgqhkx38Km3m_64tPGXtiAvtDvBAj7NoLmPQPf39mqDUJ3o                                                                                                |\n| project_id | 920bf34a6c88454f90d405124ca1076d                                                                                                                                  |\n| user_id    | 3d6998879b6c4fdd91ba4b6ec00b7157                                                                                                                                  |\n+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n<\/pre><\/div>\n\n\n<p>All fine, this works as expected. <\/p>\n\n\n\n<p>It is recommended to create a small environment script, which is setting the environment for us:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3,4,5,6,7,8]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ echo &quot;export OS_PROJECT_DOMAIN_NAME=Default\nexport OS_USER_DOMAIN_NAME=Default\nexport OS_PROJECT_NAME=admin\nexport OS_USERNAME=admin\nexport OS_PASSWORD=admin\nexport OS_AUTH_URL=http:\/\/controller:5000\/v3\nexport OS_IDENTITY_API_VERSION=3\nexport OS_IMAGE_API_VERSION=2&quot; &gt; ~\/admin-openrc\n<\/pre><\/div>\n\n\n<p>Sourcing that and asking for another token should not anymore ask for a password:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ . admin-openrc\n&#x5B;root@controller ~]$ openstack token issue\n+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n| Field      | Value                                                                                                                                                             |\n+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n| expires    | 2025-01-20T12:31:10+0000                                                                                                                                          |\n| id         | gAAAAABnjjP-sTJYCN3CE-6kA1AGOmfI8yPTeNCTKkyYj4c4pXqmCbF4FPO_-Snhw1NSN2CKi9WDGrTZtQQ2O4f_PsgZngNgvnza4-AHcj2ku4lUCt-A-                                             |\n|            | nbBQCK_oP2f0FT5wDVUYZ3oVRLQPccbfdwHXf8C2MTMDaSmoQbXHZlItkQ_CkrS5_4                                                                                                |\n| project_id | 920bf34a6c88454f90d405124ca1076d                                                                                                                                  |\n| user_id    | 3d6998879b6c4fdd91ba4b6ec00b7157                                                                                                                                  |\n+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+\n<\/pre><\/div>\n\n\n<p>That was quite some stuff to follow for getting the first OpenStack service up and running. This leaves us with the following setup:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"416\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack7-1024x416.png\" alt=\"\" class=\"wp-image-36753\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack7-1024x416.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack7-300x122.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack7-768x312.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack7.png 1298w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>As you can see we already have 6 components on the controller node:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The PostgreSQL instance<\/li>\n\n\n\n<li>RabbitMQ<\/li>\n\n\n\n<li>MemcacheD<\/li>\n\n\n\n<li>etcd<\/li>\n\n\n\n<li>The Apache web server<\/li>\n\n\n\n<li>Kestone (served by Apache)<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-4-the-image-and-placement-services\/\" target=\"_blank\" rel=\"noreferrer noopener\">In the next post we&#8217;ll setup the Image (Glance) and the Placement service.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By the end of the last post, we finished with preparing the controller and compute node for being ready to deploy the first OpenStack service: Keystone, the Identity Service. Before we dive into the details lets quickly talk about why we need such a service. In an OpenStack setup there needs to be some form [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[955,1320,83],"tags":[135,73,957,77],"type_dbi":[],"class_list":["post-36721","post","type-post","status-publish","format-standard","hentry","category-cloud","category-devops","category-postgresql","tag-cloud","tag-linux","tag-openstack","tag-postgresql"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service\" \/>\n<meta property=\"og:description\" content=\"By the end of the last post, we finished with preparing the controller and compute node for being ready to deploy the first OpenStack service: Keystone, the Identity Service. Before we dive into the details lets quickly talk about why we need such a service. In an OpenStack setup there needs to be some form [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-20T11:50:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-21T14:17:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"983\" \/>\n\t<meta property=\"og:image:height\" content=\"612\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"Creating your private cloud using OpenStack &#8211; (3) &#8211; Keystone, the Identity Service\",\"datePublished\":\"2025-01-20T11:50:16+00:00\",\"dateModified\":\"2025-01-21T14:17:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/\"},\"wordCount\":627,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack5-1.png\",\"keywords\":[\"Cloud\",\"Linux\",\"openstack\",\"PostgreSQL\"],\"articleSection\":[\"Cloud\",\"DevOps\",\"PostgreSQL\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/\",\"name\":\"Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack5-1.png\",\"datePublished\":\"2025-01-20T11:50:16+00:00\",\"dateModified\":\"2025-01-21T14:17:11+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack5-1.png\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack5-1.png\",\"width\":983,\"height\":612},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Creating your private cloud using OpenStack &#8211; (3) &#8211; Keystone, the Identity Service\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\\\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/westermanndanie\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/daniel-westermann\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/","og_locale":"en_US","og_type":"article","og_title":"Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service","og_description":"By the end of the last post, we finished with preparing the controller and compute node for being ready to deploy the first OpenStack service: Keystone, the Identity Service. Before we dive into the details lets quickly talk about why we need such a service. In an OpenStack setup there needs to be some form [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/","og_site_name":"dbi Blog","article_published_time":"2025-01-20T11:50:16+00:00","article_modified_time":"2025-01-21T14:17:11+00:00","og_image":[{"width":983,"height":612,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png","type":"image\/png"}],"author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"Creating your private cloud using OpenStack &#8211; (3) &#8211; Keystone, the Identity Service","datePublished":"2025-01-20T11:50:16+00:00","dateModified":"2025-01-21T14:17:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/"},"wordCount":627,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png","keywords":["Cloud","Linux","openstack","PostgreSQL"],"articleSection":["Cloud","DevOps","PostgreSQL"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/","url":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/","name":"Creating your private cloud using OpenStack - (3) - Keystone, the Identity Service - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png","datePublished":"2025-01-20T11:50:16+00:00","dateModified":"2025-01-21T14:17:11+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack5-1.png","width":983,"height":612},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-3-keystone-the-identity-service\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Creating your private cloud using OpenStack &#8211; (3) &#8211; Keystone, the Identity Service"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=36721"}],"version-history":[{"count":23,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36721\/revisions"}],"predecessor-version":[{"id":36780,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36721\/revisions\/36780"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=36721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=36721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=36721"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=36721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}