Configure Identity Service for Networking

Procedure 7.15. To configure the Identity Service for use with Networking

1. Create the get_id() function

   The get_id() function stores the ID of created objects, and removes the need to copy and paste object IDs in later steps:

   1. Add the following function to your .bashrc file:

      function get_id () {
      echo `"$@" | awk '/ id / { print $4 }'`
      }

   2. Source the .bashrc file:

      $ source .bashrc

2. Create the Networking service entry

   Networking must be available in the Compute service catalog. Create the service:

   $ NEUTRON_SERVICE_ID=$(get_id keystone service-create --name neutron --type network --description 'OpenStack Networking Service')

3. Create the Networking service endpoint entry

   The way that you create a Networking endpoint entry depends on whether you are using the SQL or the template catalog driver:

   • If you use the SQL driver, run the following command with the specified region ($REGION), IP address of the Networking server ($IP), and service ID ($NEUTRON_SERVICE_ID, obtained in the previous step).

     $ keystone endpoint-create --region $REGION --service-id $NEUTRON_SERVICE_ID \
        --publicurl 'http://$IP:9696/' --adminurl 'http://$IP:9696/' --internalurl 'http://$IP:9696/'

     For example:

     $ keystone endpoint-create --region myregion --service-id $NEUTRON_SERVICE_ID \
        --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/" 

   • If you are using the template driver, specify the following parameters in your Compute catalog template file (default_catalog.templates), along with the region ($REGION) and IP address of the Networking server ($IP).

     catalog.$REGION.network.publicURL = http://$IP:9696
     catalog.$REGION.network.adminURL = http://$IP:9696
     catalog.$REGION.network.internalURL = http://$IP:9696
     catalog.$REGION.network.name = Network Service

     For example:

     catalog.$Region.network.publicURL = http://10.211.55.17:9696
     catalog.$Region.network.adminURL = http://10.211.55.17:9696
     catalog.$Region.network.internalURL = http://10.211.55.17:9696
     catalog.$Region.network.name = Network Service

4. Create the Networking service user

   You must provide admin user credentials that Compute and some internal Networking components can use to access the Networking API. Create a special service tenant and a neutron user within this tenant, and assign an admin role to this role.

   1. Create the admin role:

      $ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
      

   2. Create the neutron user:

      $ NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$NEUTRON_PASSWORD" [email protected] --tenant-id service)
      

   3. Create the service tenant:

      $ SERVICE_TENANT=$(get_id keystone tenant-create --name service --description "Services Tenant")

   4. Establish the relationship among the tenant, user, and role:

      $ keystone user-role-add --user_id $NEUTRON_USER --role_id $ADMIN_ROLE --tenant_id $SERVICE_TENANT