OpenStack Mitaka : Configure Keystone#2
2016/04/20
Add projects, roles, users, services and endpoints in Keystone.
[1] Load environment variables and create the default domain. Set "OS_TOKEN" to the value of "admin_token" in keystone.conf.
root@dlp:~# export OS_TOKEN=admintoken
root@dlp:~# export OS_URL=http://10.0.0.30:35357/v3
root@dlp:~# export OS_IDENTITY_API_VERSION=3
root@dlp:~# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | e547aee8ce3a44958e7a53b32f2bd0ae |
| name        | default                          |
+-------------+----------------------------------+
[2] Add Projects.
# add admin project
root@dlp:~# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled     | True                             |
| id          | 7b165caeb26a40eb8b26063b013ad26a |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
+-------------+----------------------------------+

# add service project
root@dlp:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled     | True                             |
| id          | 0aa29b9e087e44358ca8a598b4ef39b4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
+-------------+----------------------------------+

# confirm settings
root@dlp:~# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0aa29b9e087e44358ca8a598b4ef39b4 | service |
| 7b165caeb26a40eb8b26063b013ad26a | admin   |
+----------------------------------+---------+
[3] Add Roles.
# add admin role
root@dlp:~# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 84f993a4da624ce8b5fb08459942006d |
| name      | admin                            |
+-----------+----------------------------------+

# add Member role
root@dlp:~# openstack role create Member
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 20d83bc6bed449d99fd570fbe9d4ce6b |
| name      | Member                           |
+-----------+----------------------------------+

# confirm settings
root@dlp:~# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 20d83bc6bed449d99fd570fbe9d4ce6b | Member |
| 84f993a4da624ce8b5fb08459942006d | admin  |
+----------------------------------+--------+
[4] Add User Accounts.
# add admin user (set in admin project)
root@dlp:~# openstack user create --domain default --project admin --password adminpassword admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | 7b165caeb26a40eb8b26063b013ad26a |
| domain_id          | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled            | True                             |
| id                 | bffe2db8216d4706862b53a4380e8634 |
| name               | admin                            |
+--------------------+----------------------------------+

# add admin user in admin role
root@dlp:~# openstack role add --project admin --user admin admin

# confirm settings
root@dlp:~# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bffe2db8216d4706862b53a4380e8634 | admin |
+----------------------------------+-------+
[5] Add entries for services.
# add for keystone
root@dlp:~# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | e18211dbdcc4428e9d73b032bc442aaf |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# confirm settings
root@dlp:~# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| e18211dbdcc4428e9d73b032bc442aaf | keystone | identity |
+----------------------------------+----------+----------+
[6] Add Endpoints.
# define keystone host
root@dlp:~# export controller=10.0.0.30

# add endpoint for keystone (public)
root@dlp:~# openstack endpoint create --region RegionOne identity public http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d38c323d39fb4ce38278b01e514d2099 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# add endpoint for keystone (internal)
root@dlp:~# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 71b8e4fe6ad641d1996e2e4f1eec6792 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# add endpoint for keystone (admin)
root@dlp:~# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | dbc6ec5b2f7741ef96b6f3a1846d8d01 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v3        |
+--------------+----------------------------------+

# confirm settings
root@dlp:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 71b8e4fe6ad641d1996e2e4f1eec6792 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| d38c323d39fb4ce38278b01e514d2099 | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| dbc6ec5b2f7741ef96b6f3a1846d8d01 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
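
A follow-up check for the catalog built in steps [1] to [6], added here as an example and not part of the original page: the script parses "openstack endpoint list" table output and reports every enabled endpoint registered with a cleartext http:// URL, over which tokens and passwords travel unencrypted. The function names insecure_endpoints and sample_endpoint_list are hypothetical; the embedded table is the one shown in step [6].

```shell
#!/bin/sh
# Added example (not from the original page): report Keystone catalog
# endpoints that are registered with a cleartext http:// URL.

# Reads an `openstack endpoint list` table on stdin and prints
# "<interface> <url>" for each enabled endpoint that is not https://.
# Columns are located by header name, so column order does not matter.
insecure_endpoints() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        !/^[|]/ { next }                 # skip border rows and non-table text
        !have_header {                   # first table row holds the column names
            for (i = 2; i < NF; i++) col[trim($i)] = i
            if (!("URL" in col) || !("Interface" in col) || !("Enabled" in col))
                exit 2                   # not an endpoint list table
            have_header = 1
            next
        }
        {
            url = trim($(col["URL"]))
            if (trim($(col["Enabled"])) == "True" && url !~ /^https:\/\//)
                print trim($(col["Interface"])), url
        }
    '
}

# Sample input: the endpoint list shown in step [6] of this page.
sample_endpoint_list() {
    cat <<'EOF'
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 71b8e4fe6ad641d1996e2e4f1eec6792 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| d38c323d39fb4ce38278b01e514d2099 | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| dbc6ec5b2f7741ef96b6f3a1846d8d01 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
EOF
}

# Run the audit on the sample; all three endpoints are reported.
sample_endpoint_list | insecure_endpoints
```

Against a live deployment, pipe the output of "openstack endpoint list" into insecure_endpoints instead of the sample; an empty result means every enabled endpoint is registered with an https:// URL.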