OpenStack Mitaka (三鷹) : Configure Keystone #2
2016/05/20
Register users, roles, and the services used by each OpenStack component in Keystone.
[1] Load the environment variables beforehand. "OS_TOKEN" is the value set for "admin_token" in keystone.conf, and "OS_URL" specifies the hostname or IP address of the Keystone server.
root@dlp:~# export OS_TOKEN=admintoken
root@dlp:~# export OS_URL=http://10.0.0.30:35357/v3
root@dlp:~# export OS_IDENTITY_API_VERSION=3
root@dlp:~# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 780b41cee03242da9ec0c73e1a76dc6e |
| name        | default                          |
+-------------+----------------------------------+
[2] Create the projects.
# create the admin project
root@dlp:~# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 780b41cee03242da9ec0c73e1a76dc6e |
| enabled     | True                             |
| id          | 61bb62a97e394b8db8f95aa05a678771 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 780b41cee03242da9ec0c73e1a76dc6e |
+-------------+----------------------------------+

# create the service project
root@dlp:~# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 780b41cee03242da9ec0c73e1a76dc6e |
| enabled     | True                             |
| id          | 004097e8a2da45e6a68f6474b5bd7207 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 780b41cee03242da9ec0c73e1a76dc6e |
+-------------+----------------------------------+

# verify settings
root@dlp:~# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 004097e8a2da45e6a68f6474b5bd7207 | service |
| 61bb62a97e394b8db8f95aa05a678771 | admin   |
+----------------------------------+---------+
[3] Create the roles.
# create the admin role
root@dlp:~# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | e1e1affa1ec2439c8f02fb235bd5ab99 |
| name      | admin                            |
+-----------+----------------------------------+

# create the Member role
root@dlp:~# openstack role create Member
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | b052cd2daeb542ce8ef94bbd45b6a09a |
| name      | Member                           |
+-----------+----------------------------------+

# verify settings
root@dlp:~# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| b052cd2daeb542ce8ef94bbd45b6a09a | Member |
| e1e1affa1ec2439c8f02fb235bd5ab99 | admin  |
+----------------------------------+--------+
[4] Create the user.
# create the admin user (belongs to the admin project)
root@dlp:~# openstack user create --domain default --project admin --password adminpassword admin
+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | 61bb62a97e394b8db8f95aa05a678771 |
| domain_id          | 780b41cee03242da9ec0c73e1a76dc6e |
| enabled            | True                             |
| id                 | 45bb5ebf547f4be2a21bf4a07c83ad85 |
| name               | admin                            |
+--------------------+----------------------------------+

# add the admin user to the admin role
root@dlp:~# openstack role add --project admin --user admin admin

# verify settings
root@dlp:~# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 45bb5ebf547f4be2a21bf4a07c83ad85 | admin |
+----------------------------------+-------+
[5] Create the service entry.
# create the service entry for keystone
root@dlp:~# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 183be1ca31444bd8a7f23649b96d9efe |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# verify settings
root@dlp:~# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 183be1ca31444bd8a7f23649b96d9efe | keystone | identity |
+----------------------------------+----------+----------+
[6] Create the endpoints.
# define the controller host
root@dlp:~# export controller=10.0.0.30

# create the keystone endpoint (public)
root@dlp:~# openstack endpoint create --region RegionOne identity public http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 264e269106b94e6c8dbdfe545729568a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 183be1ca31444bd8a7f23649b96d9efe |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# create the keystone endpoint (internal)
root@dlp:~# openstack endpoint create --region RegionOne identity internal http://$controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ae02a38b514446bf8a41f5fbd6a6c845 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 183be1ca31444bd8a7f23649b96d9efe |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# create the keystone endpoint (admin)
root@dlp:~# openstack endpoint create --region RegionOne identity admin http://$controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 474a90b389da4a54bdc2e2599b1184f5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 183be1ca31444bd8a7f23649b96d9efe |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v3        |
+--------------+----------------------------------+

# verify settings
root@dlp:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 264e269106b94e6c8dbdfe545729568a | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| 474a90b389da4a54bdc2e2599b1184f5 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
| ae02a38b514446bf8a41f5fbd6a6c845 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
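
A check to run once step [6] is done, as an added example that is not part of the original page: it parses the "openstack endpoint list" table and reports any service missing one of the public/internal/admin interfaces, plus any endpoint registered with a plain http:// URL, over which tokens and passwords cross the network unencrypted. The function names sample_endpoints and audit_endpoints are hypothetical, and the sample input is the table printed in step [6].

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample input: the `openstack endpoint list` table from step [6].
sample_endpoints() {
cat <<'EOF'
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 264e269106b94e6c8dbdfe545729568a | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| 474a90b389da4a54bdc2e2599b1184f5 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
| ae02a38b514446bf8a41f5fbd6a6c845 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
EOF
}

# Read an `openstack endpoint list` table on stdin; print one finding per line:
#   MISSING <service> <interface>          expected interface is not registered
#   PLAINTEXT <service> <interface> <url>  endpoint URL is not https://
audit_endpoints() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 8 && trim($2) != "ID" {      # data rows only (skip borders and header)
      svc = trim($4); ifc = trim($7); url = trim($8)
      services[svc] = 1
      seen[svc, ifc] = 1
      if (url !~ /^https:\/\//) print "PLAINTEXT", svc, ifc, url
    }
    END {
      n = split("public internal admin", want, " ")
      for (svc in services)
        for (i = 1; i <= n; i++)
          if (!((svc, want[i]) in seen)) print "MISSING", svc, want[i]
    }'
}

# On a live controller: openstack endpoint list | audit_endpoints
sample_endpoints | audit_endpoints
```

For the table above this prints three PLAINTEXT findings and no MISSING lines.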