openstack/openstack-manuals
Code Issues Proposed changes
6a01aa42d1
openstack-manuals/doc/install-guide/source/keystone-openrc.rst
Matthew Kassawara bd9b8b65d4 Install: Keystone updates for Mitaka 
Update keystone configuration for Mitaka.

1) Change token type from UUID with Memcached to Fernet.
2) Complete migration to the Identity v3 API. As testing
   progresses, some services may require additional
   changes.

Note: Still contemplating use of clouds.yaml. Initial
      investigation indicates insufficient positive
      impact for the changes necessary to implement it.

Note: The keystone authentication library for services
      (keystoneauth1) requires Memcached in Mitaka. A
      future patch will move installation of Memcached
      to the environment content.

Change-Id: Ifdf96c285f1b260822922661668bc30629328ade
Implements: bp installguide-mitaka
2016-02-12 12:56:09 -07:00

3.1 KiB
Raw Blame History

Create OpenStack client environment scripts

The previous section used a combination of environment variables and command options to interact with the Identity service via the openstack client. To increase efficiency of client operations, OpenStack supports simple client environment scripts also known as OpenRC files. These scripts typically contain common options for all clients, but also support unique options. For more information, see the OpenStack User Guide <http://docs.openstack.org/user-guide/common/ cli_set_environment_variables_using_openstack_rc.html>__.

Creating the scripts

Create client environment scripts for the admin and demo projects and users. Future portions of this guide reference these scripts to load appropriate credentials for client operations.

  1. Edit the admin-openrc.sh file and add the following content:

    export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

    Replace ADMIN_PASS with the password you chose for the admin user in the Identity service.

  2. Edit the demo-openrc.sh file and add the following content:

    export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

    Replace DEMO_PASS with the password you chose for the demo user in the Identity service.

Using the scripts

To run clients as a specific project and user, you can simply load the associated client environment script prior to running them. For example:

  1. Load the admin-openrc.sh file to populate environment variables with the location of the Identity service and the admin project and user credentials:

    $ source admin-openrc.sh

  2. Request an authentication token:

    $ openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+