OpenStack Kilo : Configure Keystone#22015/11/12 |
|
Add Users or Roles, Services and others in Keystone.
|
|
| [1] | Load environment variables first. Set value for "OS_TOKEN" from the value "admin_token" in keystone.conf. |
|
[root@dlp ~]# export OS_TOKEN=admintoken [root@dlp ~]# export OS_URL=http://10.0.0.30:35357/v2.0/ |
| [2] | Add Projects. |
|
# add admin project [root@dlp ~]# openstack project create --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | enabled | True | | id | 90543cc39f274925985200d669e305d7 | | name | admin | +-------------+----------------------------------+ # add service project [root@dlp ~]# openstack project create --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | enabled | True | | id | f8d301995a9b423b85d3e250336ee6c3 | | name | service | +-------------+----------------------------------+ # confirm settings [root@dlp ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 90543cc39f274925985200d669e305d7 | admin | | f8d301995a9b423b85d3e250336ee6c3 | service | +----------------------------------+---------+ |
| [3] | Add Roles. |
|
# add admin role [root@dlp ~]# openstack role create admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | de393fc067984d469b46bc46f156ce30 | | name | admin | +-------+----------------------------------+ # add Member role [root@dlp ~]# openstack role create Member +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 53201334a7704f44873b485985c16943 | | name | Member | +-------+----------------------------------+ # confirm settings [root@dlp ~]# openstack role list +----------------------------------+--------+ | ID | Name | +----------------------------------+--------+ | 53201334a7704f44873b485985c16943 | Member | | de393fc067984d469b46bc46f156ce30 | admin | +----------------------------------+--------+ |
| [4] | Add Users. |
|
# add admin user (set in admin project) [root@dlp ~]# openstack user create --project admin --password adminpassword admin +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | None | | enabled | True | | id | dfe9cafaf69546178eecae7be138d0f1 | | name | admin | | project_id | 90543cc39f274925985200d669e305d7 | | username | admin | +------------+----------------------------------+ # add admin user in admin role [root@dlp ~]# openstack role add --project admin --user admin admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | de393fc067984d469b46bc46f156ce30 | | name | admin | +-------+----------------------------------+ # confirm settings [root@dlp ~]# openstack user list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | dfe9cafaf69546178eecae7be138d0f1 | admin | +----------------------------------+-------+ |
| [5] | Add entries for services. |
|
# add for keystone [root@dlp ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | d6054968ab5d4ba582229d9de6b6076f | | name | keystone | | type | identity | +-------------+----------------------------------+ # confirm settings [root@dlp ~]# openstack service list +----------------------------------+----------+----------+ | ID | Name | Type | +----------------------------------+----------+----------+ | d6054968ab5d4ba582229d9de6b6076f | keystone | identity | +----------------------------------+----------+----------+ |
| [6] | Add Endpoints. |
|
# define this host [root@dlp ~]# export controller=10.0.0.30
# add endpoint for keystone [root@dlp ~]# openstack endpoint create \ --publicurl http://$controller:5000/v2.0 \ --internalurl http://$controller:5000/v2.0 \ --adminurl http://$controller:35357/v2.0 \ --region RegionOne \ identity +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | adminurl | http://10.0.0.30:35357/v2.0 | | id | 1e423cf8176c444ab3597848014e99a7 | | internalurl | http://10.0.0.30:5000/v2.0 | | publicurl | http://10.0.0.30:5000/v2.0 | | region | RegionOne | | service_id | d6054968ab5d4ba582229d9de6b6076f | | service_name | keystone | | service_type | identity | +--------------+----------------------------------+ # confirm settings [root@dlp ~]# openstack endpoint list +----------------------------------+-----------+--------------+--------------+ | ID | Region | Service Name | Service Type | +----------------------------------+-----------+--------------+--------------+ | 1e423cf8176c444ab3597848014e99a7 | RegionOne | keystone | identity | +----------------------------------+-----------+--------------+--------------+ |
| Sponsored Link |