OpenStack Liberty : Configure Keystone #2
2015/11/15
Register users, roles, and the services used by each OpenStack component in Keystone.
[1] Load the environment variables in advance. "OS_TOKEN" is the value set for "admin_token" in keystone.conf. For "OS_URL", specify the hostname or IP address of the Keystone server.
[root@dlp ~]# export OS_TOKEN=admintoken
[root@dlp ~]# export OS_URL=http://10.0.0.30:35357/v3
[root@dlp ~]# export OS_IDENTITY_API_VERSION=3
[2] Create the projects.
# create the admin project
[root@dlp ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | d625e02b3d394afbad250def2f88fefa |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
# create the service project
[root@dlp ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 11a4bfa2b8c748ad860efb34b5fefb7f |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
# verify the settings
[root@dlp ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 11a4bfa2b8c748ad860efb34b5fefb7f | service |
| d625e02b3d394afbad250def2f88fefa | admin   |
+----------------------------------+---------+
[3] Create the roles.
# create the admin role
[root@dlp ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | e90e05e4b5d647dca8321a71b7adce7d |
| name  | admin                            |
+-------+----------------------------------+
# create the Member role
[root@dlp ~]# openstack role create Member
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 8405a50673964a259e628a1f1a670cf8 |
| name  | Member                           |
+-------+----------------------------------+
# verify the settings
[root@dlp ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 8405a50673964a259e628a1f1a670cf8 | Member |
| e90e05e4b5d647dca8321a71b7adce7d | admin  |
+----------------------------------+--------+
[4] Create the user.
# create the admin user (belongs to the admin project)
[root@dlp ~]# openstack user create --domain default --project admin --password adminpassword admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | d625e02b3d394afbad250def2f88fefa |
| domain_id          | default                          |
| enabled            | True                             |
| id                 | b4c316b93a464f8ea46b01bd01a52003 |
| name               | admin                            |
+--------------------+----------------------------------+
# add the admin user to the admin role
[root@dlp ~]# openstack role add --project admin --user admin admin
# verify the settings
[root@dlp ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| b4c316b93a464f8ea46b01bd01a52003 | admin |
+----------------------------------+-------+
[5] Create the service entry.
# create the service entry for keystone
[root@dlp ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | b528b57cc0784ca5a594318c961187e4 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
# verify the settings
[root@dlp ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| b528b57cc0784ca5a594318c961187e4 | keystone | identity |
+----------------------------------+----------+----------+
[6] Create the endpoints.
# define this host
[root@dlp ~]# export controller=10.0.0.30
# create the keystone endpoint (public)
[root@dlp ~]# openstack endpoint create --region RegionOne identity public http://$controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cab5ed9a79d347e4a078c8b75f31d570 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+
# create the keystone endpoint (internal)
[root@dlp ~]# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a393b37f81f449f096097494c3630a64 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+
# create the keystone endpoint (admin)
[root@dlp ~]# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 31610cb66365438e8a2063273daa1b1a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b528b57cc0784ca5a594318c961187e4 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v2.0      |
+--------------+----------------------------------+
# verify the settings
[root@dlp ~]# openstack endpoint list
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID           | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 31610c365... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v2.0 |
| a393b31f4... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v2.0  |
| cab5ed9d3... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v2.0  |
+--------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
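Steps [1] to [6] all run under the bootstrap token from keystone.conf, and once the admin user from step [4] exists that token is no longer needed. The following check is an added example, not part of the original page: it reports whether a keystone.conf still sets admin_token and which paste pipelines still list Keystone's admin_token_auth filter. The file paths are supplied by the caller, and the sample file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: checks whether the bootstrap
# token exported in step [1] is still accepted by the Keystone configuration.
# Assumption: the caller supplies the paths of keystone.conf and the paste file.

# Succeeds when keystone.conf has an uncommented, non-empty admin_token.
admin_token_is_set() {
    grep -Eq '^[[:space:]]*admin_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Prints each [pipeline:...] section of the given paste config whose
# pipeline line still lists the admin_token_auth filter.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section); next }
        section ~ /^pipeline:/ && /^pipeline[ \t]*=/ {
            n = split($0, word, /[ \t=]+/)
            for (i = 2; i <= n; i++)
                if (word[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# Constructed sample files (shortened; not copied from a real host).
write_samples() {   # $1 = directory to write into
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = admintoken
EOF
    cat > "$1/paste.ini" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service
[pipeline:admin_api]
pipeline = sizelimit token_auth json_body admin_service
[pipeline:api_v3]
pipeline = sizelimit token_auth admin_token_auth json_body service_v3
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
admin_token_is_set "$dir/keystone.conf" && echo "admin_token is still set"
pipelines_with_admin_token "$dir/paste.ini" | sed 's/^/admin_token_auth enabled in /'
rm -rf "$dir"
```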