CentOS 7
Sponsored Link

OpenStack Juno : Keystone 設定#2
2015/01/08
 
Keystone に ユーザやロール、OpenStack 各コンポーネントが利用するサービスを登録しておきます。
[1] 環境変数を事前に読み込んでおきます。
「SERVICE_TOKEN」は keystone.conf で「admin_token」に設定した値
「SERVICE_ENDPOINT」は Keystoneサーバーのホスト名またはIPアドレス
[root@dlp ~]#
export SERVICE_TOKEN=admintoken

[root@dlp ~]#
export SERVICE_ENDPOINT=http://10.0.0.30:35357/v2.0/

[2] テナント(グループ)を作成します。
# admin テナント作成

[root@dlp ~]#
keystone tenant-create --name admin --description "Admin Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | e8f6ac69de5f46afa189fcefd99c8a1a |
|     name    |              admin               |
+-------------+----------------------------------+

# service テナント作成

[root@dlp ~]#
keystone tenant-create --name service --description "Service Tenant" --enabled true

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 9e657ab1d2344de5aa9d86006732c7f0 |
|     name    |             service              |
+-------------+----------------------------------+

# 設定確認

[root@dlp ~]#
keystone tenant-list

+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| e8f6ac69de5f46afa189fcefd99c8a1a |  admin  |   True  |
| 9e657ab1d2344de5aa9d86006732c7f0 | service |   True  |
+----------------------------------+---------+---------+
[3] ロールを作成します。
# admin ロール作成

[root@dlp ~]#
keystone role-create --name admin

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | ce96cec74ac4441daeae2f2c266f75e6 |
|   name   |              admin               |
+----------+----------------------------------+

# Member ロール作成

[root@dlp ~]#
keystone role-create --name Member

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 47b8e54a5177426bafb9de8b2b963b74 |
|   name   |              Member              |
+----------+----------------------------------+

# 設定確認

[root@dlp ~]#
keystone role-list

+----------------------------------+--------+
|                id                |  name  |
+----------------------------------+--------+
| 47b8e54a5177426bafb9de8b2b963b74 | Member |
| ce96cec74ac4441daeae2f2c266f75e6 | admin  |
+----------------------------------+--------+
[4] ユーザーを作成します。
# admin ユーザー作成 (admin テナント所属)

[root@dlp ~]#
keystone user-create --tenant admin --name admin --pass adminpassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | a527628886774ee08b7f2d54d602b5c4 |
|   name   |              admin               |
| tenantId | e8f6ac69de5f46afa189fcefd99c8a1a |
| username |              admin               |
+----------+----------------------------------+

# admin ユーザーを adminロール に加える

[root@dlp ~]#
keystone user-role-add --user admin --tenant admin --role admin
# glance ユーザー作成 (service テナント所属)

[root@dlp ~]#
keystone user-create --tenant service --name glance --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | af36762b54824d7d8009ebc25d3d8793 |
|   name   |              glance              |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username |              glance              |
+----------+----------------------------------+

# glance ユーザーを adminロール に加える

[root@dlp ~]#
keystone user-role-add --user glance --tenant service --role admin
# nova ユーザー作成 (service テナント)

[root@dlp ~]#
keystone user-create --tenant service --name nova --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 11a963a3fac34ac5bf39f8989a099d36 |
|   name   |               nova               |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username |               nova               |
+----------+----------------------------------+

# nova ユーザーを adminロール に加える

[root@dlp ~]#
keystone user-role-add --user nova --tenant service --role admin
# 設定確認

[root@dlp ~]#
keystone user-list

+----------------------------------+--------+---------+-------+
|                id                |  name  | enabled | email |
+----------------------------------+--------+---------+-------+
| a527628886774ee08b7f2d54d602b5c4 | admin  |   True  |       |
| af36762b54824d7d8009ebc25d3d8793 | glance |   True  |       |
| 11a963a3fac34ac5bf39f8989a099d36 |  nova  |   True  |       |
+----------------------------------+--------+---------+-------+
[5] サービス用のエントリを作成します。
# keystone用サービスエントリ作成

[root@dlp ~]#
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|   enabled   |               True               |
|      id     | b558710dca124cba8c6948c1389fa910 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

# glance用サービスエントリ作成

[root@dlp ~]#
keystone service-create --name=glance --type=image --description="Glance Image Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Glance Image Service       |
|   enabled   |               True               |
|      id     | 50ad417b1246468aacad9386e28d539b |
|     name    |              glance              |
|     type    |              image               |
+-------------+----------------------------------+

# nova用サービスエントリ作成

[root@dlp ~]#
keystone service-create --name=nova --type=compute --description="Nova Compute Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Nova Compute Service       |
|   enabled   |               True               |
|      id     | 1c8361d96a954b568f3171b2fb6e3992 |
|     name    |               nova               |
|     type    |             compute              |
+-------------+----------------------------------+

# 設定確認

[root@dlp ~]#
keystone service-list

+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| 50ad417b1246468aacad9386e28d539b |  glance  |  image   |    Glance Image Service   |
| b558710dca124cba8c6948c1389fa910 | keystone | identity | Keystone Identity Service |
| 1c8361d96a954b568f3171b2fb6e3992 |   nova   | compute  |    Nova Compute Service   |
+----------------------------------+----------+----------+---------------------------+
[6] エンドポイントを作成します。
# 自ホストを定義しておく

[root@dlp ~]#
export my_host=10.0.0.30
# keystone 用エンドポイント作成

[root@dlp ~]#
keystone endpoint-create --region RegionOne \
--service keystone \
--publicurl "http://$my_host:\$(public_port)s/v2.0" \
--internalurl "http://$my_host:\$(public_port)s/v2.0" \
--adminurl "http://$my_host:\$(admin_port)s/v2.0"

+-------------+---------------------------------------+
|   Property  |                 Value                 |
+-------------+---------------------------------------+
|   adminurl  |  http://10.0.0.30:$(admin_port)s/v2.0 |
|      id     |    a55d2a7992894a3fa886a46e72e95ecb   |
| internalurl | http://10.0.0.30:$(public_port)s/v2.0 |
|  publicurl  | http://10.0.0.30:$(public_port)s/v2.0 |
|    region   |               RegionOne               |
|  service_id |    b558710dca124cba8c6948c1389fa910   |
+-------------+---------------------------------------+

# glance 用エンドポイント作成

[root@dlp ~]#
keystone endpoint-create --region RegionOne \
--service glance \
--publicurl "http://$my_host:9292/v1" \
--internalurl "http://$my_host:9292/v1" \
--adminurl "http://$my_host:9292/v1"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |     http://10.0.0.30:9292/v1     |
|      id     | 59027c4f4a0f427d915afe7909a9a252 |
| internalurl |     http://10.0.0.30:9292/v1     |
|  publicurl  |     http://10.0.0.30:9292/v1     |
|    region   |            RegionOne             |
|  service_id | 50ad417b1246468aacad9386e28d539b |
+-------------+----------------------------------+

# nova 用エンドポイント作成

[root@dlp ~]#
keystone endpoint-create --region RegionOne \
--service nova \
--publicurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--internalurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s" \
--adminurl "http://$my_host:\$(compute_port)s/v2/\$(tenant_id)s"

+-------------+----------------------------------------------------+
|   Property  |                       Value                        |
+-------------+----------------------------------------------------+
|   adminurl  | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|      id     |          b42ae430e14d4d05882eb7ffa778490f          |
| internalurl | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|  publicurl  | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
|    region   |                     RegionOne                      |
|  service_id |          1c8361d96a954b568f3171b2fb6e3992          |
+-------------+----------------------------------------------------+

# 設定確認

[root@dlp ~]#
keystone endpoint-list

+----------------------------------+-----------+----------------------------------------------------+
|                id                |   region  |                     publicurl                      |
+----------------------------------+-----------+----------------------------------------------------+
| 59027c4f4a0f427d915afe7909a9a252 | RegionOne |              http://10.0.0.30:9292/v1              |
| a55d2a7992894a3fa886a46e72e95ecb | RegionOne |       http://10.0.0.30:$(public_port)s/v2.0        |
| b42ae430e14d4d05882eb7ffa778490f | RegionOne | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------+-----------+----------------------------------------------------+
+----------------------------------------------------+----------------------------------------------------+
|                    internalurl                     |                      adminurl                      |
+----------------------------------------------------+----------------------------------------------------+
|              http://10.0.0.30:9292/v1              |              http://10.0.0.30:9292/v1              |
|       http://10.0.0.30:$(public_port)s/v2.0        |        http://10.0.0.30:$(admin_port)s/v2.0        |
| http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s | http://10.0.0.30:$(compute_port)s/v2/$(tenant_id)s |
+----------------------------------------------------+----------------------------------------------------+
+----------------------------------+
|            service_id            |
+----------------------------------+
| 50ad417b1246468aacad9386e28d539b |
| b558710dca124cba8c6948c1389fa910 |
| 1c8361d96a954b568f3171b2fb6e3992 |
+----------------------------------+
関連コンテンツ
 
Tweet