OpenStack Juno : Configure Keystone #2
2015/01/08
Register users, roles, and the services used by each OpenStack component in Keystone.
[1] Load the environment variables beforehand. "SERVICE_TOKEN" is the value set for "admin_token" in keystone.conf. "SERVICE_ENDPOINT" is the hostname or IP address of the Keystone server.
[root@dlp ~]# export SERVICE_TOKEN=admintoken
[root@dlp ~]# export SERVICE_ENDPOINT=http://10.0.0.30:35357/v2.0/
[2] Create tenants (groups).
# create the admin tenant
[root@dlp ~]# keystone tenant-create --name admin --description "Admin Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Admin Tenant                     |
| enabled     | True                             |
| id          | e8f6ac69de5f46afa189fcefd99c8a1a |
| name        | admin                            |
+-------------+----------------------------------+

# create the service tenant
[root@dlp ~]# keystone tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 9e657ab1d2344de5aa9d86006732c7f0 |
| name        | service                          |
+-------------+----------------------------------+

# verify settings
[root@dlp ~]# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| e8f6ac69de5f46afa189fcefd99c8a1a | admin   | True    |
| 9e657ab1d2344de5aa9d86006732c7f0 | service | True    |
+----------------------------------+---------+---------+
[3] Create roles.
# create the admin role
[root@dlp ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | ce96cec74ac4441daeae2f2c266f75e6 |
| name     | admin                            |
+----------+----------------------------------+

# create the Member role
[root@dlp ~]# keystone role-create --name Member
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 47b8e54a5177426bafb9de8b2b963b74 |
| name     | Member                           |
+----------+----------------------------------+

# verify settings
[root@dlp ~]# keystone role-list
+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 47b8e54a5177426bafb9de8b2b963b74 | Member |
| ce96cec74ac4441daeae2f2c266f75e6 | admin  |
+----------------------------------+--------+
[4] Create users.
# create the admin user (belongs to the admin tenant)
[root@dlp ~]# keystone user-create --tenant admin --name admin --pass adminpassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | a527628886774ee08b7f2d54d602b5c4 |
| name     | admin                            |
| tenantId | e8f6ac69de5f46afa189fcefd99c8a1a |
| username | admin                            |
+----------+----------------------------------+

# add the admin user to the admin role
[root@dlp ~]# keystone user-role-add --user admin --tenant admin --role admin

# create the glance user (belongs to the service tenant)
[root@dlp ~]# keystone user-create --tenant service --name glance --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | af36762b54824d7d8009ebc25d3d8793 |
| name     | glance                           |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username | glance                           |
+----------+----------------------------------+

# add the glance user to the admin role
[root@dlp ~]# keystone user-role-add --user glance --tenant service --role admin

# create the nova user (service tenant)
[root@dlp ~]# keystone user-create --tenant service --name nova --pass servicepassword --enabled true
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    |                                  |
| enabled  | True                             |
| id       | 11a963a3fac34ac5bf39f8989a099d36 |
| name     | nova                             |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username | nova                             |
+----------+----------------------------------+

# add the nova user to the admin role
[root@dlp ~]# keystone user-role-add --user nova --tenant service --role admin

# verify settings
[root@dlp ~]# keystone user-list
+----------------------------------+--------+---------+-------+
| id                               | name   | enabled | email |
+----------------------------------+--------+---------+-------+
| a527628886774ee08b7f2d54d602b5c4 | admin  | True    |       |
| af36762b54824d7d8009ebc25d3d8793 | glance | True    |       |
| 11a963a3fac34ac5bf39f8989a099d36 | nova   | True    |       |
+----------------------------------+--------+---------+-------+
[5] Create the service entries.
# create the service entry for keystone
[root@dlp ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| enabled     | True                             |
| id          | b558710dca124cba8c6948c1389fa910 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# create the service entry for glance
[root@dlp ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Glance Image Service             |
| enabled     | True                             |
| id          | 50ad417b1246468aacad9386e28d539b |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# create the service entry for nova
[root@dlp ~]# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Nova Compute Service             |
| enabled     | True                             |
| id          | 1c8361d96a954b568f3171b2fb6e3992 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

# verify settings
[root@dlp ~]# keystone service-list
+----------------------------------+----------+----------+---------------------------+
| id                               | name     | type     | description               |
+----------------------------------+----------+----------+---------------------------+
| 50ad417b1246468aacad9386e28d539b | glance   | image    | Glance Image Service      |
| b558710dca124cba8c6948c1389fa910 | keystone | identity | Keystone Identity Service |
| 1c8361d96a954b568f3171b2fb6e3992 | nova     | compute  | Nova Compute Service      |
+----------------------------------+----------+----------+---------------------------+
[6] Create the endpoints.
# define this host
[root@dlp ~]# export my_host=10.0.0.30

# create the endpoint for keystone
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service keystone \
--publicurl "http://$my_host:\$(public_port)s/v2.0" \
--internalurl "http://$my_host:\$(public_port)s/v2.0" \
--adminurl "http://$my_host:\$(admin_port)s/v2.0"
+-------------+---------------------------------------+
| Property    | Value                                 |
+-------------+---------------------------------------+
| adminurl    | http://10.0.0.30:$(admin_port)s/v2.0  |
| id          | a55d2a7992894a3fa886a46e72e95ecb      |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
| publicurl   | http://10.0.0.30:$(public_port)s/v2.0 |
| region      | RegionOne                             |
| service_id  | b558710dca124cba8c6948c1389fa910      |
+-------------+---------------------------------------+

# create the endpoint for glance
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service glance \
--publicurl "http://$my_host:9292/v1" \
--internalurl "http://$my_host:9292/v1" \
--adminurl "http://$my_host:9292/v1"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://10.0.0.30:9292/v1         |
| id          | 59027c4f4a0f427d915afe7909a9a252 |
| internalurl | http://10.0.0.30:9292/v1         |
| publicurl   | http://10.0.0.30:9292/v1         |
| region      | RegionOne                        |
| service_id  | 50ad417b1246468aacad9386e28d539b |
+-------------+----------------------------------+

# create the endpoint for nova
[root@dlp ~]# keystone endpoint-create --region RegionOne \
--service nova \
--publicurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--internalurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--adminurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s"
+-------------+----------------------------------------------------+
| Property    | Value                                              |
+-------------+----------------------------------------------------+
| adminurl    | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| id          | b42ae430e14d4d05882eb7ffa778490f                   |
| internalurl | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| publicurl   | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
| region      | RegionOne                                          |
| service_id  | 1c8361d96a954b568f3171b2fb6e3992                   |
+-------------+----------------------------------------------------+

# verify settings
[root@dlp ~]# keystone endpoint-list
+----------------------------------+-----------+----------------------------------------------------+
| id                               | region    | publicurl                                          |
+----------------------------------+-----------+----------------------------------------------------+
| 59027c4f4a0f427d915afe7909a9a252 | RegionOne | http://10.0.0.30:9292/v1                           |
| a55d2a7992894a3fa886a46e72e95ecb | RegionOne | http://10.0.0.30:$(public_port)s/v2.0              |
| b42ae430e14d4d05882eb7ffa778490f | RegionOne | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------+-----------+----------------------------------------------------+
+----------------------------------------------------+----------------------------------------------------+
| internalurl                                        | adminurl                                           |
+----------------------------------------------------+----------------------------------------------------+
| http://10.0.0.30:9292/v1                           | http://10.0.0.30:9292/v1                           |
| http://10.0.0.30:$(public_port)s/v2.0              | http://10.0.0.30:$(admin_port)s/v2.0               |
| http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------------------------+----------------------------------------------------+
+----------------------------------+
| service_id                       |
+----------------------------------+
| 50ad417b1246468aacad9386e28d539b |
| b558710dca124cba8c6948c1389fa910 |
| 1c8361d96a954b568f3171b2fb6e3992 |
+----------------------------------+
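
The "verify settings" checks in steps [5] and [6] can be scripted. The following is an added example, not part of the original page: it parses keystone CLI table output, including an endpoint-list wrapped into several table chunks as above, and reports every registered service that has no endpoint. The helper names table_cols and services_without_endpoint are hypothetical, and the sample tables are constructed from the IDs on this page with the nova endpoint left out.

```shell
#!/bin/sh
# Added example; table_cols and services_without_endpoint are hypothetical helpers.
# table_cols COL1 COL2: read keystone CLI table output on stdin and print the
# two named columns, tab-separated, one record per row. Output wrapped into
# several table chunks is rejoined by row position.
table_cols() {
  awk -F'|' -v a="$1" -v b="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[+]/ { state = (state + 1) % 3; row = 0; next }   # border line
    /^[|]/ && state == 1 {                               # header row
      ncol = NF; for (i = 2; i < NF; i++) col[i] = trim($i); next }
    /^[|]/ && state == 2 {                               # data row
      row++; if (row > nrows) nrows = row
      for (i = 2; i < ncol; i++) cell[row, col[i]] = trim($i) }
    END { for (r = 1; r <= nrows; r++) print cell[r, a] "\t" cell[r, b] }'
}

# services_without_endpoint SERVICES ENDPOINTS: print the name of every
# registered service whose id never appears as an endpoint service_id.
services_without_endpoint() {
  ids=$(printf '%s\n' "$2" | table_cols service_id id | cut -f1)
  printf '%s\n' "$1" | table_cols id name |
  while IFS="$(printf '\t')" read -r id name; do
    printf '%s\n' "$ids" | grep -qxF "$id" || printf '%s\n' "$name"
  done
}

# Constructed sample: the page's IDs, with endpoint-list wrapped into two
# chunks and the nova endpoint left out.
SERVICES='+----------------------------------+----------+
| id                               | name     |
+----------------------------------+----------+
| 50ad417b1246468aacad9386e28d539b | glance   |
| b558710dca124cba8c6948c1389fa910 | keystone |
| 1c8361d96a954b568f3171b2fb6e3992 | nova     |
+----------------------------------+----------+'
ENDPOINTS='+----------------------------------+-----------+
| id                               | region    |
+----------------------------------+-----------+
| 59027c4f4a0f427d915afe7909a9a252 | RegionOne |
| a55d2a7992894a3fa886a46e72e95ecb | RegionOne |
+----------------------------------+-----------+
+----------------------------------+
| service_id                       |
+----------------------------------+
| 50ad417b1246468aacad9386e28d539b |
| b558710dca124cba8c6948c1389fa910 |
+----------------------------------+'
services_without_endpoint "$SERVICES" "$ENDPOINTS"   # prints: nova
```

On a live host, pass "$(keystone service-list)" and "$(keystone endpoint-list)" in place of the sample variables.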