Atom feed of this document
  
 

 Configure Identity Service for Networking

 

Procedure 7.15. To configure the Identity Service for use with Networking

  1. Create the get_id() function

    The get_id() function stores the ID of created objects, and removes the need to copy and paste object IDs in later steps:

    1. Add the following function to your .bashrc file:

      function get_id () {
      echo `"$@" | awk '/ id / { print $4 }'`
      }
    2. Source the .bashrc file:

      $ source .bashrc
  2. Create the Networking service entry

    Networking must be available in the Compute service catalog. Create the service:

    $ NEUTRON_SERVICE_ID=$(get_id keystone service-create --name neutron --type network --description 'OpenStack Networking Service')
  3. Create the Networking service endpoint entry

    The way that you create a Networking endpoint entry depends on whether you are using the SQL or the template catalog driver:

    • If you use the SQL driver, run the following command with the specified region ($REGION), IP address of the Networking server ($IP), and service ID ($NEUTRON_SERVICE_ID, obtained in the previous step).

      $ keystone endpoint-create --region $REGION --service-id $NEUTRON_SERVICE_ID \
         --publicurl 'http://$IP:9696/' --adminurl 'http://$IP:9696/' --internalurl 'http://$IP:9696/'

      For example:

      $ keystone endpoint-create --region myregion --service-id $NEUTRON_SERVICE_ID \
         --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/" 
    • If you are using the template driver, specify the following parameters in your Compute catalog template file (default_catalog.templates), along with the region ($REGION) and IP address of the Networking server ($IP).

      catalog.$REGION.network.publicURL = http://$IP:9696
      catalog.$REGION.network.adminURL = http://$IP:9696
      catalog.$REGION.network.internalURL = http://$IP:9696
      catalog.$REGION.network.name = Network Service

      For example:

      catalog.$Region.network.publicURL = http://10.211.55.17:9696
      catalog.$Region.network.adminURL = http://10.211.55.17:9696
      catalog.$Region.network.internalURL = http://10.211.55.17:9696
      catalog.$Region.network.name = Network Service
  4. Create the Networking service user

    You must provide admin user credentials that Compute and some internal Networking components can use to access the Networking API. Create a special service tenant and a neutron user within this tenant, and assign an admin role to this role.

    1. Create the admin role:

      $ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
      
    2. Create the neutron user:

      $ NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$NEUTRON_PASSWORD" [email protected] --tenant-id service)
      
    3. Create the service tenant:

      $ SERVICE_TENANT=$(get_id keystone tenant-create --name service --description "Services Tenant")
    4. Establish the relationship among the tenant, user, and role:

      $ keystone user-role-add --user_id $NEUTRON_USER --role_id $ADMIN_ROLE --tenant_id $SERVICE_TENANT

For information about how to create service entries and users, see the OpenStack Installation Guide for your distribution (docs.openstack.org).

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...