Ubuntu 14.04
Sponsored Link

OpenStack Icehouse : Configure Keystone#2
2014/05/13
 
Add Users or Roles, Services and so on in Keystone.
[1] Load environment variables first.
Set value for "SERVICE_TOKEN" from the value "admin_token" in keystone.conf.
root@dlp:~#
export SERVICE_TOKEN=admintoken

root@dlp:~#
export SERVICE_ENDPOINT=http://10.0.0.30:35357/v2.0/

[2] Add Tenants ( like group )
# add admin tenant

root@dlp:~#
keystone tenant-create --name admin --description "Admin Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 0bf06fa0415043cb924ead3db08e2518 |
|     name    |              admin               |
+-------------+----------------------------------+

# add service tenant

root@dlp:~#
keystone tenant-create --name service --description "Service Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 45fa65597c464d48a20be990f660a27b |
|     name    |             service              |
+-------------+----------------------------------+

# confirm settings

root@dlp:~#
keystone tenant-list

+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 0bf06fa0415043cb924ead3db08e2518 |  admin  |   True  |
| 45fa65597c464d48a20be990f660a27b | service |   True  |
+----------------------------------+---------+---------+
[3] Add Roles
# add admin role

root@dlp:~#
keystone role-create --name admin

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 9b5fb09c8f8d4271ae30d445794299c5 |
|   name   |              admin               |
+----------+----------------------------------+

# add Member role

root@dlp:~#
keystone role-create --name Member

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 2fa81c7f476748e89e6806cfadeea5cf |
|   name   |              Member              |
+----------+----------------------------------+

# confirm settings

root@dlp:~#
keystone role-list

+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 2fa81c7f476748e89e6806cfadeea5cf |  Member  |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 9b5fb09c8f8d4271ae30d445794299c5 |  admin   |
+----------------------------------+----------+
[4] Add Users
# add admin user (set in admin tenant)

root@dlp:~#
keystone user-create --tenant admin --name admin --pass adminpassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | dd7518983aac411a9b24be64e6fa220f |
|   name   |              admin               |
| tenantId | 0bf06fa0415043cb924ead3db08e2518 |
| username |              admin               |
+----------+----------------------------------+

# add admin user in admin role

root@dlp:~#
keystone user-role-add --user admin --tenant admin --role admin
# add glance user (set in service tenant)

root@dlp:~#
keystone user-create --tenant service --name glance --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | bf57c97785d44d658da80f6414ba9e66 |
|   name   |              glance              |
| tenantId | 45fa65597c464d48a20be990f660a27b |
| username |              glance              |
+----------+----------------------------------+

# add glance user in admin role

root@dlp:~#
keystone user-role-add --user glance --tenant service --role admin
# add nova user (set in service tenant)

root@dlp:~#
keystone user-create --tenant service --name nova --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | f9713827b52040328749fa810b15d0ed |
|   name   |               nova               |
| tenantId | 45fa65597c464d48a20be990f660a27b |
| username |               nova               |
+----------+----------------------------------+

# add nova user in admin role

root@dlp:~#
keystone user-role-add --user nova --tenant service --role admin
# confirm settings

root@dlp:~#
keystone user-list

+----------------------------------+--------+---------+-------+
|                id                |  name  | enabled | email |
+----------------------------------+--------+---------+-------+
| dd7518983aac411a9b24be64e6fa220f | admin  |   True  |       |
| bf57c97785d44d658da80f6414ba9e66 | glance |   True  |       |
| f9713827b52040328749fa810b15d0ed |  nova  |   True  |       |
+----------------------------------+--------+---------+-------+
[5] Add entries for services
# add for keystone

root@dlp:~#
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|   enabled   |               True               |
|      id     | 57a1dad6cdcd4ec5a6e96862edd8d7bd |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

# add for glance

root@dlp:~#
keystone service-create --name=glance --type=image --description="Glance Image Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Glance Image Service       |
|   enabled   |               True               |
|      id     | daf11cbfbabb45d3a1408132a90af89e |
|     name    |              glance              |
|     type    |              image               |
+-------------+----------------------------------+

# add for nova

root@dlp:~#
keystone service-create --name=nova --type=compute --description="Nova Compute Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Nova Compute Service       |
|   enabled   |               True               |
|      id     | 585abf4e7ca94fdba9618e41e6ae394e |
|     name    |               nova               |
|     type    |             compute              |
+-------------+----------------------------------+

# confirm settings

root@dlp:~#
keystone service-list

+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| daf11cbfbabb45d3a1408132a90af89e |  glance  |  image   |    Glance Image Service   |
| 57a1dad6cdcd4ec5a6e96862edd8d7bd | keystone | identity | Keystone Identity Service |
| 585abf4e7ca94fdba9618e41e6ae394e |   nova   | compute  |    Nova Compute Service   |
+----------------------------------+----------+----------+---------------------------+
[6] Add Endpoints
# define my host

root@dlp:~#
export my_host=10.0.0.30
# add endpoint for keystone

root@dlp:~#
keystone endpoint-create --region RegionOne \
--service keystone \
--publicurl "http://$my_host:\$(public_port)s/v2.0" \
--internalurl "http://$my_host:\$(public_port)s/v2.0" \
--adminurl "http://$my_host:\$(admin_port)s/v2.0"

+-------------+---------------------------------------+
|   Property  |                 Value                 |
+-------------+---------------------------------------+
|   adminurl  |  http://10.0.0.30:$(admin_port)s/v2.0 |
|      id     |    f3d986a2d5fe482b91071bcaca83c94a   |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
|  publicurl  | http://10.0.0.30:$(public_port)s/v2.0 |
|    region   |               RegionOne               |
|  service_id |    57a1dad6cdcd4ec5a6e96862edd8d7bd   |
+-------------+---------------------------------------+

# add endpoint for glance

root@dlp:~#
keystone endpoint-create --region RegionOne \
--service glance \
--publicurl "http://$my_host:9292/v1" \
--internalurl "http://$my_host:9292/v1" \
--adminurl "http://$my_host:9292/v1"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |     http://10.0.0.30:9292/v1     |
|      id     | e2ba460ae291487fadf33f96b6bc56dd |
| internalurl |     http://10.0.0.30:9292/v1     |
|  publicurl  |     http://10.0.0.30:9292/v1     |
|    region   |            RegionOne             |
|  service_id | daf11cbfbabb45d3a1408132a90af89e |
+-------------+----------------------------------+

# add endpoint for nova

root@dlp:~#
keystone endpoint-create --region RegionOne \
--service nova \
--publicurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--internalurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--adminurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s"

+-------------+----------------------------------------------------+
|   Property  |                       Value                        |
+-------------+----------------------------------------------------+
|   adminurl  | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|      id     |          530d64cee22d4dff89e97bada01e4886          |
| internalurl | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|  publicurl  | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|    region   |                     RegionOne                      |
|  service_id |          585abf4e7ca94fdba9618e41e6ae394e          |
+-------------+----------------------------------------------------+

# confirm settings

root@dlp:~#
keystone endpoint-list

+----------------------------------+-----------+----------------------------------------------------+
|                id                |   region  |                     publicurl                      |
+----------------------------------+-----------+----------------------------------------------------+
| 530d64cee22d4dff89e97bada01e4886 | RegionOne | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| e2ba460ae291487fadf33f96b6bc56dd | RegionOne |              http://10.0.0.30:9292/v1              |
| f3d986a2d5fe482b91071bcaca83c94a | RegionOne |       http://10.0.0.30:$(public_port)s/v2.0        |
+----------------------------------+-----------+----------------------------------------------------+
+----------------------------------------------------+
|                    internalurl                     |
+----------------------------------------------------+
| http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|              http://10.0.0.30:9292/v1              |
|       http://10.0.0.30:$(public_port)s/v2.0        |
+----------------------------------------------------+
+----------------------------------------------------+----------------------------------+
|                      adminurl                      |            service_id            |
+----------------------------------------------------+----------------------------------+
| http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s | 585abf4e7ca94fdba9618e41e6ae394e |
|              http://10.0.0.30:9292/v1              | daf11cbfbabb45d3a1408132a90af89e |
|        http://10.0.0.30:$(admin_port)s/v2.0        | 57a1dad6cdcd4ec5a6e96862edd8d7bd |
+----------------------------------------------------+----------------------------------+
 
Tweet