CentOS 6

OpenStack Grizzly - Configure Keystone #2
2013/08/13
 
Add Tenants, Users, Roles, Services and Endpoints to Keystone.
[1] Load environment variables first.
Set "SERVICE_TOKEN" to the value of "admin_token" in keystone.conf.
[root@dlp ~]#
# "admintoken" is this example's value; use the admin_token actually set in keystone.conf.
# This token is a shared secret that authorizes every keystone command below without a
# user account, so keep it out of shared shells, scripts and logs.
export SERVICE_TOKEN=admintoken

[root@dlp ~]#
# Keystone API on the local host (35357 is Keystone's default admin port).
# The URL is plain http, so SERVICE_TOKEN is sent unencrypted: fine on loopback,
# not across a network.
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/

[2] Add Tenants (a tenant is similar to a group)
# add admin tenant

[root@dlp ~]#
keystone tenant-create --name admin --description "Admin Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 2751413388064becb657e04afc0e7695 |
|     name    |              admin               |
+-------------+----------------------------------+

# add service tenant

[root@dlp ~]#
keystone tenant-create --name service --description "Service Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | a2ce1b64a0b742f68110edf193e30af7 |
|     name    |             service              |
+-------------+----------------------------------+

# confirm settings

[root@dlp ~]#
keystone tenant-list

+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 2751413388064becb657e04afc0e7695 |  admin  |   True  |
| a2ce1b64a0b742f68110edf193e30af7 | service |   True  |
+----------------------------------+---------+---------+
[3] Add Roles
# add admin role

[root@dlp ~]#
keystone role-create --name admin

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 2f068e6dd2074674b8fdd2d0bccb32ff |
|   name   |              admin               |
+----------+----------------------------------+

# add Member role

[root@dlp ~]#
keystone role-create --name Member

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 88900b30d29845ccbc5ff01a71e37d49 |
|   name   |              Member              |
+----------+----------------------------------+

# confirm settings

[root@dlp ~]#
keystone role-list

+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 88900b30d29845ccbc5ff01a71e37d49 |  Member  |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 2f068e6dd2074674b8fdd2d0bccb32ff |  admin   |
+----------------------------------+----------+
[4] Add Users
# add admin user (in admin tenant)

[root@dlp ~]#
# --tenant_id is the id of the admin tenant created in [2].
# "adminpassword" is a sample value; a password given with --pass is recorded in the
# shell history and is visible in the process list while the command runs.
keystone user-create --tenant_id 2751413388064becb657e04afc0e7695 --name admin --pass adminpassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | c44c8f91d0144fd49471bf89465e9eb0 |
|   name   |              admin               |
| tenantId | 2751413388064becb657e04afc0e7695 |
+----------+----------------------------------+

# grant the admin role to the admin user (in the admin tenant)

[root@dlp ~]#
keystone user-role-add --user-id c44c8f91d0144fd49471bf89465e9eb0 --tenant_id 2751413388064becb657e04afc0e7695 --role-id 2f068e6dd2074674b8fdd2d0bccb32ff
# add cinder user (in service tenant)

[root@dlp ~]#
# --tenant_id is the id of the service tenant created in [2].
# "servicepassword" is a sample value, and this walkthrough reuses it for the cinder,
# glance and nova users; give each service account its own password in a real deployment.
keystone user-create --tenant_id a2ce1b64a0b742f68110edf193e30af7 --name cinder --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 425dc8fdb81241819468c9432a2d4569 |
|   name   |              cinder              |
| tenantId | a2ce1b64a0b742f68110edf193e30af7 |
+----------+----------------------------------+

# grant the admin role to the cinder user (in the service tenant)

[root@dlp ~]#
keystone user-role-add --user-id 425dc8fdb81241819468c9432a2d4569 --tenant_id a2ce1b64a0b742f68110edf193e30af7 --role-id 2f068e6dd2074674b8fdd2d0bccb32ff
# add glance user (in service tenant)

[root@dlp ~]#
keystone user-create --tenant_id a2ce1b64a0b742f68110edf193e30af7 --name glance --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | e68a6a08575b4464bba426af4d722538 |
|   name   |              glance              |
| tenantId | a2ce1b64a0b742f68110edf193e30af7 |
+----------+----------------------------------+

# grant the admin role to the glance user (in the service tenant)

[root@dlp ~]#
keystone user-role-add --user-id e68a6a08575b4464bba426af4d722538 --tenant_id a2ce1b64a0b742f68110edf193e30af7 --role-id 2f068e6dd2074674b8fdd2d0bccb32ff
# add nova user (in service tenant)

[root@dlp ~]#
keystone user-create --tenant_id a2ce1b64a0b742f68110edf193e30af7 --name nova --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 0becd68333334ceda6af3c81c33fab4a |
|   name   |               nova               |
| tenantId | a2ce1b64a0b742f68110edf193e30af7 |
+----------+----------------------------------+

# grant the admin role to the nova user (in the service tenant)

[root@dlp ~]#
keystone user-role-add --user-id 0becd68333334ceda6af3c81c33fab4a --tenant_id a2ce1b64a0b742f68110edf193e30af7 --role-id 2f068e6dd2074674b8fdd2d0bccb32ff
# confirm settings

[root@dlp ~]#
keystone user-list

+----------------------------------+--------+---------+-------+
|                id                |  name  | enabled | email |
+----------------------------------+--------+---------+-------+
| c44c8f91d0144fd49471bf89465e9eb0 | admin  |   True  |       |
| 425dc8fdb81241819468c9432a2d4569 | cinder |   True  |       |
| e68a6a08575b4464bba426af4d722538 | glance |   True  |       |
| 0becd68333334ceda6af3c81c33fab4a |  nova  |   True  |       |
+----------------------------------+--------+---------+-------+
[5] Add entries for services
# add service entry for keystone

[root@dlp ~]#
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|      id     | 24aa6eb74a3644888d36944a9e4a24b2 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

# add service entry for cinder

[root@dlp ~]#
keystone service-create --name=cinder --type=volume --description="Cinder Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Cinder Service          |
|      id     | f098586f23374812b8907e4f166507ea |
|     name    |              cinder              |
|     type    |              volume              |
+-------------+----------------------------------+

# add service entry for glance

[root@dlp ~]#
keystone service-create --name=glance --type=image --description="Glance Image Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Glance Image Service       |
|      id     | a8431d1527354b5a8c1a97b13468f937 |
|     name    |              glance              |
|     type    |              image               |
+-------------+----------------------------------+

# add service entry for nova

[root@dlp ~]#
keystone service-create --name=nova --type=compute --description="Nova Compute Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Nova Compute Service       |
|      id     | 34e0bd084ae349dfae3f5ede135dea02 |
|     name    |               nova               |
|     type    |             compute              |
+-------------+----------------------------------+

# confirm settings

[root@dlp ~]#
keystone service-list

+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| f098586f23374812b8907e4f166507ea |  cinder  |  volume  |       Cinder Service      |
| a8431d1527354b5a8c1a97b13468f937 |  glance  |  image   |    Glance Image Service   |
| 24aa6eb74a3644888d36944a9e4a24b2 | keystone | identity | Keystone Identity Service |
| 34e0bd084ae349dfae3f5ede135dea02 |   nova   | compute  |    Nova Compute Service   |
+----------------------------------+----------+----------+---------------------------+
[6] Add Endpoints
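# define the host address used in the endpoint URLs below (127.0.0.1 here, so the registered endpoints are reachable only from this host)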

[root@dlp ~]#
export my_host=127.0.0.1
# add endpoint for keystone

[root@dlp ~]#
# --service_id is the id of the keystone service entry created in [5].
# $my_host is expanded by the shell, but "\$(public_port)s" and "\$(admin_port)s" are
# escaped so the shell does not treat them as command substitutions; Keystone receives
# the literal "$(public_port)s" / "$(admin_port)s" templates, as the output below shows.
keystone endpoint-create --region RegionOne \
--service_id=24aa6eb74a3644888d36944a9e4a24b2 \
--publicurl="http://$my_host:\$(public_port)s/v2.0" \
--internalurl="http://$my_host:\$(public_port)s/v2.0" \
--adminurl="http://$my_host:\$(admin_port)s/v2.0"

+-------------+---------------------------------------+
|   Property  |                 Value                 |
+-------------+---------------------------------------+
|   adminurl  |  http://127.0.0.1:$(admin_port)s/v2.0 |
|      id     |    babc2a40289c4a0898bfbbb18960145d   |
| internalurl | http://127.0.0.1:$(public_port)s/v2.0 |
|  publicurl  | http://127.0.0.1:$(public_port)s/v2.0 |
|    region   |               RegionOne               |
|  service_id |    24aa6eb74a3644888d36944a9e4a24b2   |
+-------------+---------------------------------------+

# add endpoint for cinder

[root@dlp ~]#
# --service_id is the id of the cinder service entry created in [5].
# "\$(tenant_id)s" is escaped so the shell passes it through unchanged; the stored URL
# keeps the literal "$(tenant_id)s" template, as the output below shows.
keystone endpoint-create --region RegionOne \
--service_id=f098586f23374812b8907e4f166507ea \
--publicurl="http://$my_host:8776/v1/\$(tenant_id)s" \
--internalurl="http://$my_host:8776/v1/\$(tenant_id)s" \
--adminurl="http://$my_host:8776/v1/\$(tenant_id)s"

+-------------+----------------------------------------+
|   Property  |                 Value                  |
+-------------+----------------------------------------+
|   adminurl  | http://127.0.0.1:8776/v1/$(tenant_id)s |
|      id     |    708244ae6f2742bb9701d696581c8db2    |
| internalurl | http://127.0.0.1:8776/v1/$(tenant_id)s |
|  publicurl  | http://127.0.0.1:8776/v1/$(tenant_id)s |
|    region   |               RegionOne                |
|  service_id |    f098586f23374812b8907e4f166507ea    |
+-------------+----------------------------------------+

# add endpoint for glance

[root@dlp ~]#
keystone endpoint-create --region RegionOne \
--service_id=a8431d1527354b5a8c1a97b13468f937 \
--publicurl="http://$my_host:9292/v1" \
--internalurl="http://$my_host:9292/v1" \
--adminurl="http://$my_host:9292/v1"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |     http://127.0.0.1:9292/v1     |
|      id     | 5b21c4efee0a443fbaddf85cf2367e7e |
| internalurl |     http://127.0.0.1:9292/v1     |
|  publicurl  |     http://127.0.0.1:9292/v1     |
|    region   |            RegionOne             |
|  service_id | a8431d1527354b5a8c1a97b13468f937 |
+-------------+----------------------------------+

# add endpoint for nova

[root@dlp ~]#
# --service_id is the id of the nova service entry created in [5].
# "\$(compute_port)s" and "\$(tenant_id)s" are escaped so the shell passes them through
# unchanged; the stored URLs keep both literal templates, as the output below shows.
keystone endpoint-create --region RegionOne \
--service_id=34e0bd084ae349dfae3f5ede135dea02 \
--publicurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl="http://$my_host:\$(compute_port)s/v1.1/\$(tenant_id)s"

+-------------+------------------------------------------------------+
|   Property  |                        Value                         |
+-------------+------------------------------------------------------+
|   adminurl  | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
|      id     |           2a280b289c564b2d8131645171226a2c           |
| internalurl | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
|  publicurl  | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
|    region   |                      RegionOne                       |
|  service_id |           34e0bd084ae349dfae3f5ede135dea02           |
+-------------+------------------------------------------------------+

# confirm settings

[root@dlp ~]#
keystone endpoint-list

+----------------------------------+-----------+------------------------------------------------------+
|                id                |   region  |                      publicurl                       |
+----------------------------------+-----------+------------------------------------------------------+
| 2a280b289c564b2d8131645171226a2c | RegionOne | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
| 5b21c4efee0a443fbaddf85cf2367e7e | RegionOne |               http://127.0.0.1:9292/v1               |
| 708244ae6f2742bb9701d696581c8db2 | RegionOne |        http://127.0.0.1:8776/v1/$(tenant_id)s        |
| babc2a40289c4a0898bfbbb18960145d | RegionOne |        http://127.0.0.1:$(public_port)s/v2.0         |
+----------------------------------+-----------+------------------------------------------------------+
+------------------------------------------------------+------------------------------------------------------+
|                     internalurl                      |                       adminurl                       |
+------------------------------------------------------+------------------------------------------------------+
| http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s | http://127.0.0.1:$(compute_port)s/v1.1/$(tenant_id)s |
|               http://127.0.0.1:9292/v1               |               http://127.0.0.1:9292/v1               |
|        http://127.0.0.1:8776/v1/$(tenant_id)s        |        http://127.0.0.1:8776/v1/$(tenant_id)s        |
|        http://127.0.0.1:$(public_port)s/v2.0         |         http://127.0.0.1:$(admin_port)s/v2.0         |
+------------------------------------------------------+------------------------------------------------------+
+----------------------------------+
|            service_id            |
+----------------------------------+
| 34e0bd084ae349dfae3f5ede135dea02 |
| a8431d1527354b5a8c1a97b13468f937 |
| f098586f23374812b8907e4f166507ea |
| 24aa6eb74a3644888d36944a9e4a24b2 |
+----------------------------------+
 