Ubuntu 14.04

OpenStack Mitaka : Configure Keystone#2
2016/04/20
 
Add users, roles, services and other entries in Keystone.
[1] Load environment variables and create default domain.
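Set "OS_TOKEN" to the value of "admin_token" in keystone.conf ("admintoken" below is an example value). This shared token bypasses normal user authentication and is meant only for this initial bootstrap, so unset OS_TOKEN and OS_URL once the admin user exists and can authenticate with its own credentials.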
root@dlp:~#
export OS_TOKEN=admintoken

root@dlp:~#
export OS_URL=http://10.0.0.30:35357/v3

root@dlp:~#
export OS_IDENTITY_API_VERSION=3

root@dlp:~#
openstack domain create --description "Default Domain" default

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | e547aee8ce3a44958e7a53b32f2bd0ae |
| name        | default                          |
+-------------+----------------------------------+
[2] Add Projects.
# add admin project

root@dlp:~#
openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled     | True                             |
| id          | 7b165caeb26a40eb8b26063b013ad26a |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
+-------------+----------------------------------+

# add service project

root@dlp:~#
openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled     | True                             |
| id          | 0aa29b9e087e44358ca8a598b4ef39b4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | e547aee8ce3a44958e7a53b32f2bd0ae |
+-------------+----------------------------------+

# confirm settings

root@dlp:~#
openstack project list

+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0aa29b9e087e44358ca8a598b4ef39b4 | service |
| 7b165caeb26a40eb8b26063b013ad26a | admin   |
+----------------------------------+---------+
[3] Add Roles.
# add admin role

root@dlp:~#
openstack role create admin

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 84f993a4da624ce8b5fb08459942006d |
| name      | admin                            |
+-----------+----------------------------------+

# add Member role

root@dlp:~#
openstack role create Member

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 20d83bc6bed449d99fd570fbe9d4ce6b |
| name      | Member                           |
+-----------+----------------------------------+

# confirm settings

root@dlp:~#
openstack role list

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 20d83bc6bed449d99fd570fbe9d4ce6b | Member |
| 84f993a4da624ce8b5fb08459942006d | admin  |
+----------------------------------+--------+
[4] Add User Accounts.
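# add admin user (set in admin project)
# "adminpassword" is an example value; a password passed with --password stays in shell history and is visible in the process list, so --password-prompt is the safer way to set it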

root@dlp:~#
openstack user create --domain default --project admin --password adminpassword admin

+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | 7b165caeb26a40eb8b26063b013ad26a |
| domain_id          | e547aee8ce3a44958e7a53b32f2bd0ae |
| enabled            | True                             |
| id                 | bffe2db8216d4706862b53a4380e8634 |
| name               | admin                            |
+--------------------+----------------------------------+

# assign the admin role to the admin user in the admin project

root@dlp:~#
openstack role add --project admin --user admin admin
# confirm settings

root@dlp:~#
openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bffe2db8216d4706862b53a4380e8634 | admin |
+----------------------------------+-------+
[5] Add entries for services.
# add for keystone

root@dlp:~#
openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | e18211dbdcc4428e9d73b032bc442aaf |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# confirm settings

root@dlp:~#
openstack service list

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| e18211dbdcc4428e9d73b032bc442aaf | keystone | identity |
+----------------------------------+----------+----------+
[6] Add Endpoints.
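# define keystone host
# the endpoints below are registered with plain http, so tokens and passwords cross the network unencrypted; outside a lab, serve Keystone over TLS and register https URLs instead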

root@dlp:~#
export controller=10.0.0.30
# add endpoint for keystone (public)

root@dlp:~#
openstack endpoint create --region RegionOne identity public http://$controller:5000/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d38c323d39fb4ce38278b01e514d2099 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# add endpoint for keystone (internal)

root@dlp:~#
openstack endpoint create --region RegionOne identity internal http://$controller:5000/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 71b8e4fe6ad641d1996e2e4f1eec6792 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# add endpoint for keystone (admin)

root@dlp:~#
openstack endpoint create --region RegionOne identity admin http://$controller:35357/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | dbc6ec5b2f7741ef96b6f3a1846d8d01 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e18211dbdcc4428e9d73b032bc442aaf |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v3        |
+--------------+----------------------------------+

# confirm settings

root@dlp:~#
openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 71b8e4fe6ad641d1996e2e4f1eec6792 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| d38c323d39fb4ce38278b01e514d2099 | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| dbc6ec5b2f7741ef96b6f3a1846d8d01 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
 