openstack/openstack-manuals
Code Issues Proposed changes
721139f880
openstack-manuals/doc/install-guide/source/keystone-services.rst
Andreas Jaeger 25d1b7d617 Remove DocBook XML files for Install Guide 
Remove DocBook XML files and rename directory from install-guide-rst to
install-guide.

Adjust everything so that publishing works.
Update README to remove DocBook XML Install Guide specific instructions.

Implements: blueprint installguide-liberty
Change-Id: If723c44c3c0383dc8ab8e53798d82e7f0ee2cc57
2015-08-19 16:35:31 +02:00

5.0 KiB
Raw Blame History

Create the service entity and API endpoint

The Identity service provides a catalog of services and their locations. Each service that you add to your OpenStack environment requires a service entity and several API endpoints<API endpoint> in the catalog.

To configure prerequisites

obs or rdo or ubuntu

By default, the Identity service database contains no information to support conventional authentication and catalog services. You must use a temporary authentication token that you created in the section called keystone-install to initialize the service entity and API endpoint for the Identity service.

You must pass the value of the authentication token to the openstack command with the --os-token parameter or set the OS_TOKEN environment variable. Similarly, you must also pass the value of the Identity service URL to the openstack command with the --os-url parameter or set the OS_URL environment variable. This guide uses environment variables to reduce command length.

Warning

For security reasons, do not use the temporary authentication token for longer than necessary to initialize the Identity service.

  1. Configure the authentication token:

    $ export OS_TOKEN=ADMIN_TOKEN

    obs or rdo or ubuntu

    Replace ADMIN_TOKEN with the authentication token that you generated in the section called keystone-install. For example:

    $ export OS_TOKEN=294a4c8a8a475f9b9836

  2. Configure the endpoint URL:

    $ export OS_URL=http://controller:35357/v2.0

    debian

    Note

    The packages can automatically create the service entity and API endpoint.

To create the service entity and API endpoint

  1. The Identity service manages a catalog of services in your OpenStack environment. Services use this catalog to determine the other services available in your environment.

    Create the service entity for the Identity service:

    $ openstack service create \
  --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 4ddaae90388b4ebc9d252ec2252d8d10 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

    Note

    OpenStack generates IDs dynamically, so you will see different values in the example command output.

  2. The Identity service manages a catalog of API endpoints associated with the services in your OpenStack environment. Services use this catalog to determine how to communicate with other services in your environment.

    OpenStack uses three API endpoint variants for each service: admin, internal, and public. The admin API endpoint allows modifying users and tenants by default, while the public and internal APIs do not. In a production environment, the variants might reside on separate networks that service different types of users for security reasons. For instance, the public API network might be reachable from outside the cloud for management tools, the admin API network might be protected, while the internal API network is connected to each host. Also, OpenStack supports multiple regions for scalability. For simplicity, this guide uses the management network for all endpoint variations and the default RegionOne region.

    Create the Identity service API endpoint:

    $ openstack endpoint create \
  --publicurl http://controller:5000/v2.0 \
  --internalurl http://controller:5000/v2.0 \
  --adminurl http://controller:35357/v2.0 \
  --region RegionOne \
  identity
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://controller:35357/v2.0     |
| id           | 4a9ffc04b8eb4848a49625a3df0170e5 |
| internalurl  | http://controller:5000/v2.0      |
| publicurl    | http://controller:5000/v2.0      |
| region       | RegionOne                        |
| service_id   | 4ddaae90388b4ebc9d252ec2252d8d10 |
| service_name | keystone                         |
| service_type | identity                         |
+--------------+----------------------------------+

    Note

    Each service that you add to your OpenStack environment requires one or more service entities and one API endpoint in the Identity service.