CentOS 7

OpenStack Liberty : Configure Keystone#2
2015/11/15
 
Add Projects, Roles, Users, Services and Endpoints in Keystone.
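[1] Load environment variables first.
Set "OS_TOKEN" to the value of "admin_token" in keystone.conf.
For "OS_URL", specify the Keystone server's hostname or IP address.
The admin token bypasses normal user authentication, so use it only for this initial setup: once the admin user created below can authenticate, unset OS_TOKEN and OS_URL and disable admin_token_auth in Keystone's paste pipeline.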
[root@dlp ~]#
export OS_TOKEN=admintoken

[root@dlp ~]#
export OS_URL=http://10.0.0.30:35357/v3

[root@dlp ~]#
export OS_IDENTITY_API_VERSION=3

[2] Add Projects.
# add admin project

[root@dlp ~]#
openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | d625e02b3d394afbad250def2f88fefa |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+

# add service project

[root@dlp ~]#
openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 11a4bfa2b8c748ad860efb34b5fefb7f |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+

# confirm settings

[root@dlp ~]#
openstack project list

+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 11a4bfa2b8c748ad860efb34b5fefb7f | service |
| d625e02b3d394afbad250def2f88fefa | admin   |
+----------------------------------+---------+
[3] Add Roles.
# add admin role

[root@dlp ~]#
openstack role create admin

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | e90e05e4b5d647dca8321a71b7adce7d |
| name  | admin                            |
+-------+----------------------------------+

# add Member role

[root@dlp ~]#
openstack role create Member

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 8405a50673964a259e628a1f1a670cf8 |
| name  | Member                           |
+-------+----------------------------------+

# confirm settings

[root@dlp ~]#
openstack role list

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 8405a50673964a259e628a1f1a670cf8 | Member |
| e90e05e4b5d647dca8321a71b7adce7d | admin  |
+----------------------------------+--------+
[4] Add User Accounts.
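# add admin user (set in admin project)
# a password passed with --password is saved in shell history and visible in the process list; --password-prompt asks for it interactively instead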

[root@dlp ~]#
openstack user create --domain default --project admin --password adminpassword admin

+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | d625e02b3d394afbad250def2f88fefa |
| domain_id          | default                          |
| enabled            | True                             |
| id                 | b4c316b93a464f8ea46b01bd01a52003 |
| name               | admin                            |
+--------------------+----------------------------------+

# assign the admin role to the admin user in the admin project

[root@dlp ~]#
openstack role add --project admin --user admin admin
# confirm settings

[root@dlp ~]#
openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| b4c316b93a464f8ea46b01bd01a52003 | admin |
+----------------------------------+-------+
[5] Add entries for services.
# add for keystone

[root@dlp ~]#
openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | b528b57cc0784ca5a594318c961187e4 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# confirm settings

[root@dlp ~]#
openstack service list

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| b528b57cc0784ca5a594318c961187e4 | keystone | identity |
+----------------------------------+----------+----------+
[6] Add Endpoints.
# define this host's IP address for use in the endpoint URLs

[root@dlp ~]#
export controller=10.0.0.30
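# add endpoint for keystone (public)
# these endpoint URLs use plain http, so passwords and tokens cross the network unencrypted; outside a lab, register https URLs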

[root@dlp ~]#
openstack endpoint create --region RegionOne identity public http://$controller:5000/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cab5ed9a79d347e4a078c8b75f31d570 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# add endpoint for keystone (internal)

[root@dlp ~]#
openstack endpoint create --region RegionOne identity internal http://$controller:5000/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a393b37f81f449f096097494c3630a64 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# add endpoint for keystone (admin)

[root@dlp ~]#
openstack endpoint create --region RegionOne identity admin http://$controller:35357/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 31610cb66365438e8a2063273daa1b1a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v2.0      |
+--------------+----------------------------------+

# confirm settings

[root@dlp ~]#
openstack endpoint list

+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID           | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 31610c365... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v2.0 |
| a393b31f4... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v2.0  |
| cab5ed9d3... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v2.0  |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
 