OpenStack Havana - Configure Keystone#2
2013/11/22
Add users, roles, services and so on in Keystone.
[1] Load environment variables first. Set "SERVICE_TOKEN" to the value of "admin_token" in keystone.conf.

root@dlp:~# export SERVICE_TOKEN=admintoken
root@dlp:~# export SERVICE_ENDPOINT=http://10.0.0.30:35357/v2.0/
[2] Add Tenants (like groups)

# add admin tenant
root@dlp:~# keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | 3d7997a116ac48a4b72ff63327418e42 |
| name        | admin                            |
+-------------+----------------------------------+

# add service tenant
root@dlp:~# keystone tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 17cfbcf053e745cfa0c4cf5cc6e80a32 |
| name        | service                          |
+-------------+----------------------------------+

# confirm settings
root@dlp:~# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 3d7997a116ac48a4b72ff63327418e42 | admin   | True    |
| 17cfbcf053e745cfa0c4cf5cc6e80a32 | service | True    |
+----------------------------------+---------+---------+
[3] Add Roles

# add admin role
root@dlp:~# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 07e67314dfd74fc99b277953e65dc958 |
| name     | admin                            |
+----------+----------------------------------+

# add Member role
root@dlp:~# keystone role-create --name Member
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | e1001aae2627436f805467e9355c8a0d |
| name     | Member                           |
+----------+----------------------------------+

# confirm settings
root@dlp:~# keystone role-list
+----------------------------------+----------+
| id                               | name     |
+----------------------------------+----------+
| e1001aae2627436f805467e9355c8a0d | Member   |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 07e67314dfd74fc99b277953e65dc958 | admin    |
+----------------------------------+----------+
[4] Add Users

# add admin user (set in admin tenant)
root@dlp:~# keystone user-create --tenant admin --name admin --pass adminpassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | befdaad20ff642ba851f58b7f9662cfd |
| name     | admin                            |
| tenantId | 3d7997a116ac48a4b72ff63327418e42 |
+----------+----------------------------------+

# add admin user in admin role
root@dlp:~# keystone user-role-add --user admin --tenant admin --role admin

# add glance user (set in service tenant)
root@dlp:~# keystone user-create --tenant service --name glance --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 95ad564fbb4f41d290d3128c9507e39a |
| name     | glance                           |
| tenantId | 17cfbcf053e745cfa0c4cf5cc6e80a32 |
+----------+----------------------------------+

# add glance user in admin role
root@dlp:~# keystone user-role-add --user glance --tenant service --role admin

# add nova user (set in service tenant)
root@dlp:~# keystone user-create --tenant service --name nova --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 6afd084e788b49089a1ea4c86f1de3e3 |
| name     | nova                             |
| tenantId | 17cfbcf053e745cfa0c4cf5cc6e80a32 |
+----------+----------------------------------+

# add nova user in admin role
root@dlp:~# keystone user-role-add --user nova --tenant service --role admin

# confirm settings
root@dlp:~# keystone user-list
+----------------------------------+--------+---------+-------+
| id                               | name   | enabled | email |
+----------------------------------+--------+---------+-------+
| befdaad20ff642ba851f58b7f9662cfd | admin  | True    |       |
| 95ad564fbb4f41d290d3128c9507e39a | glance | True    |       |
| 6afd084e788b49089a1ea4c86f1de3e3 | nova   | True    |       |
+----------------------------------+--------+---------+-------+
[5] Add entries for services

# add for keystone
root@dlp:~# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | 159031c5cba6430b9c4fbea4fbb582ab |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# add for glance
root@dlp:~# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Glance Image Service             |
| id          | 7eee3455b0084bd1b8728f9463d8d6e3 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# add for nova
root@dlp:~# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Nova Compute Service             |
| id          | a9e6b1dce1b94701a655a9dcbe147250 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

# confirm settings
root@dlp:~# keystone service-list
+----------------------------------+----------+----------+---------------------------+
| id                               | name     | type     | description               |
+----------------------------------+----------+----------+---------------------------+
| 7eee3455b0084bd1b8728f9463d8d6e3 | glance   | image    | Glance Image Service      |
| 159031c5cba6430b9c4fbea4fbb582ab | keystone | identity | Keystone Identity Service |
| a9e6b1dce1b94701a655a9dcbe147250 | nova     | compute  | Nova Compute Service      |
+----------------------------------+----------+----------+---------------------------+
[6] Add Endpoints

# define my host
root@dlp:~# export my_host=10.0.0.30

# add endpoint for keystone
root@dlp:~# keystone endpoint-create --region RegionOne \
--service keystone \
--publicurl "http://$my_host:\$(public_port)s/v2.0" \
--internalurl "http://$my_host:\$(public_port)s/v2.0" \
--adminurl "http://$my_host:\$(admin_port)s/v2.0"
+-------------+---------------------------------------+
| Property    | Value                                 |
+-------------+---------------------------------------+
| adminurl    | http://10.0.0.30:$(admin_port)s/v2.0  |
| id          | b25c8f741b254435984095e8854d2b61      |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
| publicurl   | http://10.0.0.30:$(public_port)s/v2.0 |
| region      | RegionOne                             |
| service_id  | 159031c5cba6430b9c4fbea4fbb582ab      |
+-------------+---------------------------------------+

# add endpoint for glance
root@dlp:~# keystone endpoint-create --region RegionOne \
--service glance \
--publicurl "http://$my_host:9292/v1" \
--internalurl "http://$my_host:9292/v1" \
--adminurl "http://$my_host:9292/v1"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://10.0.0.30:9292/v1         |
| id          | d0ef1f8e906745538007ba84993808f2 |
| internalurl | http://10.0.0.30:9292/v1         |
| publicurl   | http://10.0.0.30:9292/v1         |
| region      | RegionOne                        |
| service_id  | 7eee3455b0084bd1b8728f9463d8d6e3 |
+-------------+----------------------------------+

# add endpoint for nova
root@dlp:~# keystone endpoint-create --region RegionOne \
--service nova \
--publicurl "http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl "http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl "http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s"
+-------------+------------------------------------------------------+
| Property    | Value                                                |
+-------------+------------------------------------------------------+
| adminurl    | http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s |
| id          | 17f792a981954dbb943ce11f9f88df42                     |
| internalurl | http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s |
| publicurl   | http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s |
| region      | RegionOne                                            |
| service_id  | a9e6b1dce1b94701a655a9dcbe147250                     |
+-------------+------------------------------------------------------+

# confirm settings
root@dlp:~# keystone endpoint-list
+----------------------------------+-----------+------------------------------------------------------+
| id                               | region    | publicurl                                            |
+----------------------------------+-----------+------------------------------------------------------+
| 17f792a981954dbb943ce11f9f88df42 | RegionOne | http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s |
| b25c8f741b254435984095e8854d2b61 | RegionOne | http://10.0.0.30:$(public_port)s/v2.0                |
| d0ef1f8e906745538007ba84993808f2 | RegionOne | http://10.0.0.30:9292/v1                             |
+----------------------------------+-----------+------------------------------------------------------+
+------------------------------------------------------+------------------------------------------------------+
| internalurl                                          | adminurl                                             |
+------------------------------------------------------+------------------------------------------------------+
| http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s | http://10.0.0.30:$(compute_port)s/v1.1/$(tenant_id)s |
| http://10.0.0.30:$(public_port)s/v2.0                | http://10.0.0.30:$(admin_port)s/v2.0                 |
| http://10.0.0.30:9292/v1                             | http://10.0.0.30:9292/v1                             |
+------------------------------------------------------+------------------------------------------------------+
+----------------------------------+
| service_id                       |
+----------------------------------+
| a9e6b1dce1b94701a655a9dcbe147250 |
| 159031c5cba6430b9c4fbea4fbb582ab |
| 7eee3455b0084bd1b8728f9463d8d6e3 |
+----------------------------------+
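
The check below is an added example, not part of the original page: it reads a value such as service_id out of the Property/Value tables the keystone CLI prints, and flags endpoint URLs registered over plain http://, where tokens and passwords cross the network unencrypted. The function names pt_value and cleartext_urls are hypothetical helpers; the sample input is the keystone endpoint table shown in step [6].

```shell
#!/bin/sh
# Added example (not from the original page): read values out of the
# Property/Value tables printed by the keystone CLI in steps [2]-[6].

# Sample input: the keystone endpoint table shown in step [6].
# The quoted 'EOF' keeps the shell from expanding $(admin_port)s.
sample_endpoint_table() {
cat <<'EOF'
+-------------+---------------------------------------+
| Property    | Value                                 |
+-------------+---------------------------------------+
| adminurl    | http://10.0.0.30:$(admin_port)s/v2.0  |
| id          | b25c8f741b254435984095e8854d2b61      |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
| publicurl   | http://10.0.0.30:$(public_port)s/v2.0 |
| region      | RegionOne                             |
| service_id  | 159031c5cba6430b9c4fbea4fbb582ab      |
+-------------+---------------------------------------+
EOF
}

# pt_value PROPERTY: print the value of PROPERTY from a table on stdin.
pt_value() {
    awk -F'|' -v key="$1" '
        NF >= 3 && !found {
            k = $2; v = $3
            gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
            if (k == key) { print v; found = 1 }
        }'
}

# cleartext_urls: print every *url property whose value starts with http://
# and return non-zero if any was found.
cleartext_urls() {
    awk -F'|' '
        NF >= 3 {
            k = $2; v = $3
            gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
            if (k ~ /url$/ && index(v, "http://") == 1) { print k, v; n++ }
        }
        END { exit (n > 0) }'
}

# Demo on the sample; against a live server, pipe the real command output in.
echo "service_id: $(sample_endpoint_table | pt_value service_id)"
if ! sample_endpoint_table | cleartext_urls; then
    echo "warning: endpoint registered over plain HTTP" >&2
fi
```
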