OpenStack Juno : Configure Keystone#2
2015/01/03
Add users, roles, services and so on in Keystone.
[1] Load environment variables first. Set "SERVICE_TOKEN" to the value of "admin_token" in keystone.conf.
[root@dlp ~]# export SERVICE_TOKEN=admintoken
[root@dlp ~]# export SERVICE_ENDPOINT=http://10.0.0.30:35357/v2.0/
[2] Add tenants (similar to groups).
# add admin tenant
[root@dlp ~]# keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | cca5eb10f2744b2a9a68e89ec7dd382c |
| name        | admin                            |
+-------------+----------------------------------+

# add service tenant
[root@dlp ~]# keystone tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 853445ef0b654c4f8cdcea4441e8c76c |
| name        | service                          |
+-------------+----------------------------------+

# confirm settings
[root@dlp ~]# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| cca5eb10f2744b2a9a68e89ec7dd382c | admin   | True    |
| 853445ef0b654c4f8cdcea4441e8c76c | service | True    |
+----------------------------------+---------+---------+
[3] Add Roles.
# add admin role
[root@dlp ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | c9b5093fb48740bc93648e621a851138 |
| name     | admin                            |
+----------+----------------------------------+

# add Member role
[root@dlp ~]# keystone role-create --name Member
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 95b5ede7761e4566906aed4bd74b56ec |
| name     | Member                           |
+----------+----------------------------------+

# confirm settings
[root@dlp ~]# keystone role-list
+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 95b5ede7761e4566906aed4bd74b56ec | Member |
| c7d4272c3fb44d0cb10ba904c11f89d8 | admin  |
+----------------------------------+--------+
[4] Add Users.
# add admin user (set in admin tenant)
[root@dlp ~]# keystone user-create --tenant admin --name admin --pass adminpassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 4bae962626bc4a29848038d41690e0fd |
| name     | admin                            |
| tenantId | cca5eb10f2744b2a9a68e89ec7dd382c |
| username | admin                            |
+----------+----------------------------------+

# add admin user in admin role
[root@dlp ~]# keystone user-role-add --user admin --tenant admin --role admin

# add glance user (set in service tenant)
[root@dlp ~]# keystone user-create --tenant service --name glance --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 0487b13f40244680831177127369d2e9 |
| name     | glance                           |
| tenantId | c57296226918412eaaa6cfe165ce1d96 |
| username | glance                           |
+----------+----------------------------------+

# add glance user in admin role
[root@dlp ~]# keystone user-role-add --user glance --tenant service --role admin

# add nova user (set in service tenant)
[root@dlp ~]# keystone user-create --tenant service --name nova --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | f48cdd97cc4d4977bb1958d9b4d22aa5 |
| name     | nova                             |
| tenantId | 853445ef0b654c4f8cdcea4441e8c76c |
| username | nova                             |
+----------+----------------------------------+

# add nova user in admin role
[root@dlp ~]# keystone user-role-add --user nova --tenant service --role admin

# confirm settings
[root@dlp ~]# keystone user-list
+----------------------------------+--------+---------+-------+
| id                               | name   | enabled | email |
+----------------------------------+--------+---------+-------+
| 4bae962626bc4a29848038d41690e0fd | admin  | True    |       |
| a96370f89c0a4059af9e80c935a77f51 | glance | True    |       |
| f48cdd97cc4d4977bb1958d9b4d22aa5 | nova   | True    |       |
+----------------------------------+--------+---------+-------+
[5] Add entries for services.
# add for keystone
[root@dlp ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| enabled     | True                             |
| id          | ada6f56fba1141e98fb8d38af848ecba |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# add for glance
[root@dlp ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Glance Image Service             |
| enabled     | True                             |
| id          | 874ba44f3a4a4ed6bed6e3684a6f87d7 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# add for nova
[root@dlp ~]# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Nova Compute Service             |
| enabled     | True                             |
| id          | bd096f7d71eb4ebb942c93eb9a13609d |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

# confirm settings
[root@dlp ~]# keystone service-list
+----------------------------------+----------+----------+---------------------------+
| id                               | name     | type     | description               |
+----------------------------------+----------+----------+---------------------------+
| 874ba44f3a4a4ed6bed6e3684a6f87d7 | glance   | image    | Glance Image Service      |
| ada6f56fba1141e98fb8d38af848ecba | keystone | identity | Keystone Identity Service |
| bd096f7d71eb4ebb942c93eb9a13609d | nova     | compute  | Nova Compute Service      |
+----------------------------------+----------+----------+---------------------------+
[6] Add Endpoints.
# define my host
[root@dlp ~]# export my_host=10.0.0.30

# add endpoint for keystone
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service keystone \
--publicurl "http://$my_host:\$(public_port)s/v2.0" \
--internalurl "http://$my_host:\$(public_port)s/v2.0" \
--adminurl "http://$my_host:\$(admin_port)s/v2.0"
+-------------+---------------------------------------+
| Property    | Value                                 |
+-------------+---------------------------------------+
| adminurl    | http://10.0.0.30:$(admin_port)s/v2.0  |
| id          | f5b2dadfdc1d4d368148eaad68247de4      |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
| publicurl   | http://10.0.0.30:$(public_port)s/v2.0 |
| region      | RegionOne                             |
| service_id  | ada6f56fba1141e98fb8d38af848ecba      |
+-------------+---------------------------------------+

# add endpoint for glance
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service glance \
--publicurl "http://$my_host:9292/v1" \
--internalurl "http://$my_host:9292/v1" \
--adminurl "http://$my_host:9292/v1"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://10.0.0.30:9292/v1         |
| id          | 9ed8002a013f4412bbb490ad626555cf |
| internalurl | http://10.0.0.30:9292/v1         |
| publicurl   | http://10.0.0.30:9292/v1         |
| region      | RegionOne                        |
| service_id  | 874ba44f3a4a4ed6bed6e3684a6f87d7 |
+-------------+----------------------------------+

# add endpoint for nova
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service nova \
--publicurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--internalurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--adminurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s"
+-------------+----------------------------------------------------+
| Property    | Value                                              |
+-------------+----------------------------------------------------+
| adminurl    | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| id          | f6da1350b0f14559825e02b8c4ca2634                   |
| internalurl | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| publicurl   | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| region      | RegionOne                                          |
| service_id  | bd096f7d71eb4ebb942c93eb9a13609d                   |
+-------------+----------------------------------------------------+

# confirm settings
[root@dlp ~]# keystone endpoint-list
+----------------------------------+-----------+----------------------------------------------------+
| id                               | region    | publicurl                                          |
+----------------------------------+-----------+----------------------------------------------------+
| 9ed8002a013f4412bbb490ad626555cf | RegionOne | http://10.0.0.30:9292/v1                           |
| f5b2dadfdc1d4d368148eaad68247de4 | RegionOne | http://10.0.0.30:$(public_port)s/v2.0              |
| f6da1350b0f14559825e02b8c4ca2634 | RegionOne | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------+-----------+----------------------------------------------------+
+----------------------------------------------------+----------------------------------------------------+
| internalurl                                        | adminurl                                           |
+----------------------------------------------------+----------------------------------------------------+
| http://10.0.0.30:9292/v1                           | http://10.0.0.30:9292/v1                           |
| http://10.0.0.30:$(public_port)s/v2.0              | http://10.0.0.30:$(admin_port)s/v2.0               |
| http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------------------------+----------------------------------------------------+
+----------------------------------+
| service_id                       |
+----------------------------------+
| 874ba44f3a4a4ed6bed6e3684a6f87d7 |
| ada6f56fba1141e98fb8d38af848ecba |
| bd096f7d71eb4ebb942c93eb9a13609d |
+----------------------------------+
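
A post-setup check for the catalog built in steps [5] and [6], added here as an example and not part of the original page: it parses keystone CLI table output, lists endpoint URLs that are not https, and lists endpoints whose service_id matches no registered service. The function names, the constructed sample tables (placeholder ids, port 5000 assumed for the public API) and the https-only policy are assumptions.

```bash
# Added example: audit keystone CLI tables. Sample tables are constructed; on a
# real host capture `keystone service-list` and `keystone endpoint-list` output.

# rows: turn a keystone ASCII table on stdin into tab-separated data rows,
# skipping the +---+ border lines and the header row.
rows() {
    awk -F'|' '
        /^\+/ || NF < 3 { next }            # border or blank line
        !header_seen++  { next }            # first remaining line is the header
        {
            line = ""
            for (i = 2; i < NF; i++) {      # cells lie between the outer pipes
                cell = $i; gsub(/^[ \t]+|[ \t]+$/, "", cell)
                line = line (i > 2 ? "\t" : "") cell
            }
            print line
        }'
}

# plaintext_endpoints ENDPOINTS: print "id<TAB>url" for every public, internal
# or admin URL that is not https (assumed policy: the catalog should use TLS).
plaintext_endpoints() {
    printf '%s\n' "$1" | rows |
        awk -F'\t' '{ for (i = 3; i <= 5; i++) if ($i !~ /^https:/) print $1 "\t" $i }' |
        sort -u
}

# orphan_endpoints SERVICES ENDPOINTS: print ids of endpoints whose service_id
# is missing from the service list.
orphan_endpoints() {
    { printf '%s\n' "$1" | rows | awk '{ print "S\t" $0 }'
      printf '%s\n' "$2" | rows | awk '{ print "E\t" $0 }'
    } | awk -F'\t' '$1 == "S" { known[$2] = 1; next } !($7 in known) { print $2 }'
}

SERVICES='+------+----------+----------+---------------------------+
| id   | name     | type     | description               |
+------+----------+----------+---------------------------+
| s-01 | keystone | identity | Keystone Identity Service |
| s-02 | glance   | image    | Glance Image Service      |
+------+----------+----------+---------------------------+'
ENDPOINTS='+------+-----------+----------------------------+----------------------------+-----------------------------+------------+
| id   | region    | publicurl                  | internalurl                | adminurl                    | service_id |
+------+-----------+----------------------------+----------------------------+-----------------------------+------------+
| e-01 | RegionOne | http://10.0.0.30:5000/v2.0 | http://10.0.0.30:5000/v2.0 | http://10.0.0.30:35357/v2.0 | s-01       |
| e-02 | RegionOne | https://10.0.0.30:9292/v1  | https://10.0.0.30:9292/v1  | https://10.0.0.30:9292/v1   | s-02       |
| e-03 | RegionOne | https://10.0.0.30:8774/v2  | https://10.0.0.30:8774/v2  | https://10.0.0.30:8774/v2   | s-99       |
+------+-----------+----------------------------+----------------------------+-----------------------------+------------+'

echo "Plaintext endpoints:"; plaintext_endpoints "$ENDPOINTS"
echo "Orphan endpoints:";    orphan_endpoints "$SERVICES" "$ENDPOINTS"
```

Every endpoint created in step [6] would be reported by the first check, since all of them are registered with http:// URLs.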