OpenStack Liberty : Configure Keystone#2
2015/11/15
Add users, roles, services and other entries in Keystone.
[1] Load environment variables first. Set "OS_TOKEN" to the value of "admin_token" in keystone.conf. For "OS_URL", specify the Keystone server's hostname or IP address.

[root@dlp ~]# export OS_TOKEN=admintoken
[root@dlp ~]# export OS_URL=http://10.0.0.30:35357/v3
[root@dlp ~]# export OS_IDENTITY_API_VERSION=3
[2] Add Projects.

# add admin project
[root@dlp ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | d625e02b3d394afbad250def2f88fefa |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+

# add service project
[root@dlp ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 11a4bfa2b8c748ad860efb34b5fefb7f |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+

# confirm settings
[root@dlp ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 11a4bfa2b8c748ad860efb34b5fefb7f | service |
| d625e02b3d394afbad250def2f88fefa | admin   |
+----------------------------------+---------+
[3] Add Roles.

# add admin role
[root@dlp ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | e90e05e4b5d647dca8321a71b7adce7d |
| name  | admin                            |
+-------+----------------------------------+

# add Member role
[root@dlp ~]# openstack role create Member
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 8405a50673964a259e628a1f1a670cf8 |
| name  | Member                           |
+-------+----------------------------------+

# confirm settings
[root@dlp ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 8405a50673964a259e628a1f1a670cf8 | Member |
| e90e05e4b5d647dca8321a71b7adce7d | admin  |
+----------------------------------+--------+
[4] Add User Accounts.

# add admin user (set in admin project)
[root@dlp ~]# openstack user create --domain default --project admin --password adminpassword admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | d625e02b3d394afbad250def2f88fefa |
| domain_id          | default                          |
| enabled            | True                             |
| id                 | b4c316b93a464f8ea46b01bd01a52003 |
| name               | admin                            |
+--------------------+----------------------------------+

# add admin user to admin role
[root@dlp ~]# openstack role add --project admin --user admin admin

# confirm settings
[root@dlp ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| b4c316b93a464f8ea46b01bd01a52003 | admin |
+----------------------------------+-------+
[5] Add entries for services.

# add for keystone
[root@dlp ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | b528b57cc0784ca5a594318c961187e4 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# confirm settings
[root@dlp ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| b528b57cc0784ca5a594318c961187e4 | keystone | identity |
+----------------------------------+----------+----------+
[6] Add Endpoints.

# define this host
[root@dlp ~]# export controller=10.0.0.30

# add endpoint for keystone (public)
[root@dlp ~]# openstack endpoint create --region RegionOne identity public http://$controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cab5ed9a79d347e4a078c8b75f31d570 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# add endpoint for keystone (internal)
[root@dlp ~]# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a393b37f81f449f096097494c3630a64 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# add endpoint for keystone (admin)
[root@dlp ~]# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 31610cb66365438e8a2063273daa1b1a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v2.0      |
+--------------+----------------------------------+

# confirm settings
[root@dlp ~]# openstack endpoint list
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID           | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 31610c365... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v2.0 |
| a393b31f4... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v2.0  |
| cab5ed9d3... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v2.0  |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
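
The "confirm settings" check in step [6], automated as an added example (not part of the original page): the function reads the table printed by "openstack endpoint list", reports any service that lacks an enabled public, internal or admin endpoint, and flags endpoint URLs registered with unencrypted http://. The function name audit_endpoints and the SAMPLE table (constructed from the output above) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the table printed by `openstack endpoint list`.
# SAMPLE is constructed from the output shown in step [6].
SAMPLE='+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID           | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 31610c365... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v2.0 |
| a393b31f4... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v2.0  |
| cab5ed9d3... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v2.0  |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+'

# audit_endpoints (hypothetical helper): reads the table on stdin and prints
# one finding per line, sorted:
#   MISSING <service> <interface>          no enabled endpoint for that interface
#   PLAINTEXT <service> <interface> <url>  endpoint URL uses unencrypted http://
audit_endpoints() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[|]/ {                                   # data rows start with "|"
      if (trim($2) == "ID") next               # skip the header row
      svc = trim($4); ena = trim($6); ifc = trim($7); url = trim($8)
      seen[svc] = 1
      if (ena == "True") have[svc, ifc] = 1
      if (url ~ /^http:\/\//) print "PLAINTEXT", svc, ifc, url
    }
    END {
      n = split("public internal admin", want, " ")
      for (svc in seen)
        for (i = 1; i <= n; i++)
          if (!((svc, want[i]) in have)) print "MISSING", svc, want[i]
    }' | sort
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE" | audit_endpoints
```

On a live controller, pipe the real output in instead of the sample: openstack endpoint list | audit_endpoints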