OpenStack Kilo : Configure Keystone #2
2015/06/07
Register the users, the roles, and the services used by each OpenStack component in Keystone.
[1] Load the environment variables in advance. "OS_TOKEN" is the value set for "admin_token" in keystone.conf; "OS_URL" specifies the Keystone server by hostname or IP address.
[root@dlp ~]# export OS_TOKEN=admintoken
[root@dlp ~]# export OS_URL=http://10.0.0.30:35357/v2.0/
[2] Create the projects.
# create the admin project
[root@dlp ~]# openstack project create --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| enabled     | True                             |
| id          | 0761e4ccdc1d45e38ec21237cbd652b5 |
| name        | admin                            |
+-------------+----------------------------------+
# create the service project
[root@dlp ~]# openstack project create --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| enabled     | True                             |
| id          | 6bf148fa02004bf8b1f278b9777c6b70 |
| name        | service                          |
+-------------+----------------------------------+
# verify settings
[root@dlp ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0761e4ccdc1d45e38ec21237cbd652b5 | admin   |
| 6bf148fa02004bf8b1f278b9777c6b70 | service |
+----------------------------------+---------+
[3] Create the roles.
# create the admin role
[root@dlp ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 6f560a28688344759dbb9fd4f39432f9 |
| name  | admin                            |
+-------+----------------------------------+
# create the Member role
[root@dlp ~]# openstack role create Member
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 5fe74dd6b5074d6c86591e0f921a0c04 |
| name  | Member                           |
+-------+----------------------------------+
# verify settings
[root@dlp ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 5fe74dd6b5074d6c86591e0f921a0c04 | Member |
| 6f560a28688344759dbb9fd4f39432f9 | admin  |
+----------------------------------+--------+
[4] Create the user.
# create the admin user (belongs to the admin project)
[root@dlp ~]# openstack user create --project admin --password adminpassword admin
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| email      | None                             |
| enabled    | True                             |
| id         | 4a92ab2bdb1a4b07baa11fb60e3c26fd |
| name       | admin                            |
| project_id | 0761e4ccdc1d45e38ec21237cbd652b5 |
| username   | admin                            |
+------------+----------------------------------+
# add the admin user to the admin role
[root@dlp ~]# openstack role add --project admin --user admin admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 6f560a28688344759dbb9fd4f39432f9 |
| name  | admin                            |
+-------+----------------------------------+
# verify settings
[root@dlp ~]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 4a92ab2bdb1a4b07baa11fb60e3c26fd | admin  |
+----------------------------------+--------+
[5] Create the service entry.
# create the service entry for keystone
[root@dlp ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 713a279af6f14f07ae793f6402aa5aa3 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
# verify settings
[root@dlp ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 22908e9078df428ea3ae3ebb49c096e2 | glance   | image    |
+----------------------------------+----------+----------+
[6] Create the endpoint.
# define the local host
[root@dlp ~]# export controller=10.0.0.30
# create the endpoint for keystone
[root@dlp ~]# openstack endpoint create \
--publicurl http://$controller:5000/v2.0 \
--internalurl http://$controller:5000/v2.0 \
--adminurl http://$controller:35357/v2.0 \
--region RegionOne \
identity
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://10.0.0.30:35357/v2.0      |
| id           | b55b04aef09a43b2bcbd410452859331 |
| internalurl  | http://10.0.0.30:5000/v2.0       |
| publicurl    | http://10.0.0.30:5000/v2.0       |
| region       | RegionOne                        |
| service_id   | 713a279af6f14f07ae793f6402aa5aa3 |
| service_name | keystone                         |
| service_type | identity                         |
+--------------+----------------------------------+
# verify settings
[root@dlp ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+
| ID                               | Region    | Service Name | Service Type |
+----------------------------------+-----------+--------------+--------------+
| b55b04aef09a43b2bcbd410452859331 | RegionOne | keystone     | identity     |
+----------------------------------+-----------+--------------+--------------+
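A post-setup check for the procedure above, as an added example that is not part of the original page: it parses the ASCII tables printed by the `openstack` client, reports required names that are missing (exact case, so "member" does not satisfy "Member"), and confirms that an endpoint's service_id refers to a registered service of the expected type. The function names and the sample tables with placeholder IDs are constructed for illustration.

```shell
#!/bin/sh
TRIM='function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }'

# Print the Name column of a list-style table read from stdin.
name_column() {
    awk -F'|' "$TRIM"'
        /^[+]/ { next }                       # skip +-----+ border rows
        !col   { for (i = 2; i < NF; i++) if (trim($i) == "Name") col = i; next }
        { print trim($col) }'
}

# Print each required name ($2...) missing from table $1 (exact, case-sensitive).
missing_names() {
    names=$(printf '%s\n' "$1" | name_column); shift
    for want in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Succeed only if the service_id in endpoint table $2 appears in service-list
# table $1 (columns ID, Name, Type) with service type $3; return 2 if no id.
endpoint_matches_service() {
    sid=$(printf '%s\n' "$2" | awk -F'|' "$TRIM"'
        trim($2) == "service_id" { print trim($3) }')
    [ -n "$sid" ] || return 2
    printf '%s\n' "$1" | awk -F'|' -v id="$sid" -v type="$3" "$TRIM"'
        trim($2) == id && trim($4) == type { found = 1 }
        END { exit !found }'
}

# Constructed sample output; the IDs are placeholders, not values from the page.
ROLES='+-----+--------+
| ID  | Name   |
+-----+--------+
| r01 | Member |
| r02 | admin  |
+-----+--------+'
SERVICES='| ID  | Name   | Type  |
| s99 | glance | image |'
ENDPOINT='| Field        | Value    |
| service_id   | s01      |
| service_type | identity |'

missing_names "$ROLES" admin Member member      # prints: member
if endpoint_matches_service "$SERVICES" "$ENDPOINT" identity; then
    echo "catalog consistent"
else
    echo "endpoint service_id is not a registered identity service"
fi
```

The mismatching sample mirrors the listing printed in step [5], which shows a glance entry although the keystone service was just created. Against real output the check passes once `openstack service list` includes the ID reported as service_id in step [6].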