CentOS 7
Sponsored Link

OpenStack Mitaka (三鷹) : Keystone 設定#2
2016/04/12
 
Keystone に ユーザやロール、OpenStack 各コンポーネントが利用するサービスを登録しておきます。
[1] 環境変数を事前に読み込んでおきます。また、デフォルトドメインを作成しておきます。
「OS_TOKEN」は keystone.conf で「admin_token」に設定した値です。
「OS_URL」は Keystone サーバーのホスト名またはIPアドレスです。
[root@dlp ~]#
export OS_TOKEN=admintoken

[root@dlp ~]#
export OS_URL=http://10.0.0.30:35357/v3

[root@dlp ~]#
export OS_IDENTITY_API_VERSION=3

[root@dlp ~]#
openstack domain create --description "Default Domain" default

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 25abd10294da4cb28aee485cd9587b87 |
| name        | default                          |
+-------------+----------------------------------+
[2] プロジェクトを作成します。
# admin プロジェクト作成

[root@dlp ~]#
openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 25abd10294da4cb28aee485cd9587b87 |
| enabled     | True                             |
| id          | c70760f08db7408e908c7d035eae109a |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 25abd10294da4cb28aee485cd9587b87 |
+-------------+----------------------------------+

# service プロジェクト作成

[root@dlp ~]#
openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 25abd10294da4cb28aee485cd9587b87 |
| enabled     | True                             |
| id          | 0eb5f28ee57743c2a56c049caa97b7d2 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 25abd10294da4cb28aee485cd9587b87 |
+-------------+----------------------------------+

# 設定確認

[root@dlp ~]#
openstack project list

+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0eb5f28ee57743c2a56c049caa97b7d2 | service |
| c70760f08db7408e908c7d035eae109a | admin   |
+----------------------------------+---------+
[3] ロールを作成します。
# admin ロール作成

[root@dlp ~]#
openstack role create admin

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 9f13cceb926347ae8010e2cf90f5d639 |
| name      | admin                            |
+-----------+----------------------------------+

# Member ロール作成

[root@dlp ~]#
openstack role create Member

+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 6f5a5ab4bd664a1da548c40d0852c134 |
| name      | Member                           |
+-----------+----------------------------------+

# 設定確認

[root@dlp ~]#
openstack role list

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 6f5a5ab4bd664a1da548c40d0852c134 | Member |
| 9f13cceb926347ae8010e2cf90f5d639 | admin  |
+----------------------------------+--------+
[4] ユーザーを作成します。
# admin ユーザー作成 (admin プロジェクト所属)

[root@dlp ~]#
openstack user create --domain default --project admin --password adminpassword admin

+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | c70760f08db7408e908c7d035eae109a |
| domain_id          | 25abd10294da4cb28aee485cd9587b87 |
| enabled            | True                             |
| id                 | a8ecde7bd78c430d903ff7aa7672559e |
| name               | admin                            |
+--------------------+----------------------------------+

# admin ユーザーを admin ロール に加える

[root@dlp ~]#
openstack role add --project admin --user admin admin
# 設定確認

[root@dlp ~]#
openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| a8ecde7bd78c430d903ff7aa7672559e | admin |
+----------------------------------+-------+
[5] サービス用のエントリを作成します。
# keystone 用サービスエントリ作成

[root@dlp ~]#
openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 0bd5980ef9754f93a5a97fa416760680 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# 設定確認

[root@dlp ~]#
openstack service list

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 0bd5980ef9754f93a5a97fa416760680 | keystone | identity |
+----------------------------------+----------+----------+
[6] エンドポイントを作成します。
# 自ホストを定義しておく

[root@dlp ~]#
export controller=10.0.0.30
# keystone 用エンドポイント作成 (public)

[root@dlp ~]#
openstack endpoint create --region RegionOne identity public http://$controller:5000/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1c5a0fd610634fa4aa8391b5b5f32305 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# keystone 用エンドポイント作成 (internal )

[root@dlp ~]#
openstack endpoint create --region RegionOne identity internal http://$controller:5000/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1cb252e4446b4aa8ac83a4908d6f171c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v3         |
+--------------+----------------------------------+

# keystone 用エンドポイント作成 (admin )

[root@dlp ~]#
openstack endpoint create --region RegionOne identity admin http://$controller:35357/v3

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 697a4517fd8b483cba17daa25ded3501 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bd5980ef9754f93a5a97fa416760680 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v3        |
+--------------+----------------------------------+

# 設定確認

[root@dlp ~]#
openstack endpoint list

+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID       | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 1c5a0... | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v3  |
| 1cb25... | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v3  |
| 697a4... | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v3 |
+----------+-----------+--------------+--------------+---------+-----------+---------------------------+
関連コンテンツ
 
Tweet