OpenStack Mitaka (三鷹) : Configure Keystone #2
2016/04/12

Register users, roles, and the services used by each OpenStack component in Keystone.
[1] Load the environment variables beforehand, and create the default domain. "OS_TOKEN" is the value set for "admin_token" in keystone.conf. "OS_URL" is the hostname or IP address of the Keystone server.

[root@dlp ~]# export OS_TOKEN=admintoken
[root@dlp ~]# export OS_URL=http://10.0.0.30:35357/v3
[root@dlp ~]# export OS_IDENTITY_API_VERSION=3
[root@dlp ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 25abd10294da4cb28aee485cd9587b87 |
| name        | default                          |
+-------------+----------------------------------+

[2] Create the projects.

# create the admin project
[root@dlp ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 25abd10294da4cb28aee485cd9587b87 |
| enabled     | True                             |
| id          | c70760f08db7408e908c7d035eae109a |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 25abd10294da4cb28aee485cd9587b87 |
+-------------+----------------------------------+

# create the service project
[root@dlp ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 25abd10294da4cb28aee485cd9587b87 |
| enabled     | True                             |
| id          | 0eb5f28ee57743c2a56c049caa97b7d2 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 25abd10294da4cb28aee485cd9587b87 |
+-------------+----------------------------------+

# confirm the settings
[root@dlp ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0eb5f28ee57743c2a56c049caa97b7d2 | service |
| c70760f08db7408e908c7d035eae109a | admin   |
+----------------------------------+---------+

[3] Create the roles.

# create the admin role
[root@dlp ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 9f13cceb926347ae8010e2cf90f5d639 |
| name      | admin                            |
+-----------+----------------------------------+

# create the Member role
[root@dlp ~]# openstack role create Member
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 6f5a5ab4bd664a1da548c40d0852c134 |
| name      | Member                           |
+-----------+----------------------------------+

# confirm the settings
[root@dlp ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 6f5a5ab4bd664a1da548c40d0852c134 | Member |
| 9f13cceb926347ae8010e2cf90f5d639 | admin  |
+----------------------------------+--------+

[4] Create the user.

# create the admin user (belongs to the admin project)
[root@dlp ~]# openstack user create --domain default --project admin --password adminpassword admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | c70760f08db7408e908c7d035eae109a |
| domain_id          | 25abd10294da4cb28aee485cd9587b87 |
| enabled            | True                             |
| id                 | a8ecde7bd78c430d903ff7aa7672559e |
| name               | admin                            |
+--------------------+----------------------------------+

# add the admin user to the admin role
[root@dlp ~]# openstack role add --project admin --user admin admin

# confirm the settings
[root@dlp ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| a8ecde7bd78c430d903ff7aa7672559e | admin |
+----------------------------------+-------+

[5] Create the service entry.

# create the service entry for keystone
[root@dlp ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 0bd5980ef9754f93a5a97fa416760680 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# confirm the settings
[root@dlp ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 0bd5980ef9754f93a5a97fa416760680 | keystone | identity |
+----------------------------------+----------+----------+

[6] Create the endpoints.

# define the local host
[root@dlp ~]# export controller=10.0.0.30

# create the endpoint for keystone (public)
[root@dlp ~]# openstack endpoint create --region RegionOne identity public http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1c5a0fd610634fa4aa8391b5b5f32305 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# create the endpoint for keystone (internal)
[root@dlp ~]# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1cb252e4446b4aa8ac83a4908d6f171c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# create the endpoint for keystone (admin)
[root@dlp ~]# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 697a4517fd8b483cba17daa25ded3501 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v3        |
+--------------+----------------------------------+

# confirm the settings
[root@dlp ~]# openstack endpoint list
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID       | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 1c5a0... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| 1cb25... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| 697a4... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
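
A check on the result of step [6], as an added example that is not part of the original page: the function below reads the table printed by "openstack endpoint list", reports any of the public, internal and admin interfaces that is missing or disabled for a service type, and marks endpoints registered with an http:// URL, over which tokens and passwords travel unencrypted. The function names, the finding labels and the embedded sample (the listing from step [6]) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit `openstack endpoint list` output.

# Sample input: the table from step [6], embedded so the check runs offline.
sample_endpoints() {
cat <<'EOF'
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID       | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 1c5a0... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| 1cb25... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| 697a4... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
EOF
}

# audit_endpoints SERVICE_TYPE   (reads the table on stdin)
# Prints one finding per line: CLEARTEXT, DISABLED or MISSING (hypothetical labels).
audit_endpoints() {
  awk -F'|' -v want="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[+]/ || NF < 3 { next }                      # skip border and blank lines
    # First data-like row is the header: map column names to field numbers.
    !hdr { for (i = 2; i < NF; i++) col[trim($i)] = i; hdr = 1; next }
    trim($(col["Service Type"])) != want { next }  # other services are ignored
    {
      iface = trim($(col["Interface"])); url = trim($(col["URL"]))
      if (trim($(col["Enabled"])) != "True") { print "DISABLED " iface " " url; next }
      seen[iface] = 1
      if (url ~ /^http:\/\//) print "CLEARTEXT " iface " " url
    }
    END {
      # Every service is expected to have all three interfaces enabled.
      n = split("public internal admin", req, " ")
      for (i = 1; i <= n; i++) if (!(req[i] in seen)) print "MISSING " req[i]
    }'
}

# Run against the sample; on a live host use: openstack endpoint list | audit_endpoints identity
sample_endpoints | audit_endpoints identity
```

For the table in step [6] this reports all three identity endpoints as CLEARTEXT and none as MISSING.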