Procedure 7.15. To configure the Identity Service for use with Networking
Create the get_id() function
The get_id() function stores the ID of created objects, and removes the need to copy and paste object IDs in later steps:
Add the following function to your .bashrc file:
function get_id () {
    echo `"$@" | awk '/ id / { print $4 }'`
}
Source the .bashrc file:
$ source .bashrc
Create the Networking service entry
Networking must be available in the Compute service catalog. Create the service:
$ NEUTRON_SERVICE_ID=$(get_id keystone service-create --name neutron --type network --description 'OpenStack Networking Service')
Create the Networking service endpoint entry
The way that you create a Networking endpoint entry depends on whether you are using the SQL or the template catalog driver:
If you use the SQL driver, run the following command with the specified region ($REGION), IP address of the Networking server ($IP), and service ID ($NEUTRON_SERVICE_ID, obtained in the previous step).
$ keystone endpoint-create --region $REGION --service-id $NEUTRON_SERVICE_ID \
    --publicurl "http://$IP:9696/" --adminurl "http://$IP:9696/" --internalurl "http://$IP:9696/"
For example:
$ keystone endpoint-create --region myregion --service-id $NEUTRON_SERVICE_ID \
    --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/"
If you are using the template driver, specify the following parameters in your Compute catalog template file (default_catalog.templates), along with the region ($REGION) and IP address of the Networking server ($IP).
catalog.$REGION.network.publicURL = http://$IP:9696
catalog.$REGION.network.adminURL = http://$IP:9696
catalog.$REGION.network.internalURL = http://$IP:9696
catalog.$REGION.network.name = Network Service
For example:
catalog.$Region.network.publicURL = http://10.211.55.17:9696
catalog.$Region.network.adminURL = http://10.211.55.17:9696
catalog.$Region.network.internalURL = http://10.211.55.17:9696
catalog.$Region.network.name = Network Service
Create the Networking service user
You must provide admin user credentials that Compute and some internal Networking components can use to access the Networking API. Create a special service tenant and a neutron user within this tenant, and assign an admin role to this user.
Create the admin role:
$ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
Create the neutron user:
$ NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$NEUTRON_PASSWORD" [email protected] --tenant-id service)
Create the service tenant:
$ SERVICE_TENANT=$(get_id keystone tenant-create --name service --description "Services Tenant")
Establish the relationship among the tenant, user, and role:
$ keystone user-role-add --user_id $NEUTRON_USER --role_id $ADMIN_ROLE --tenant_id $SERVICE_TENANT
For information about how to create service entries and users, see the OpenStack Installation Guide for your distribution (docs.openstack.org).
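The get_id() helper from the first step returns an empty or wrong value when the command fails or when another table row contains the text " id ", and the later steps then run with a bad ID. A stricter variant, added here as an example and not part of the original guide: it assumes IDs are 32 lowercase hexadecimal characters, and get_id_strict and the sample_* functions are hypothetical names whose output is constructed.

```shell
# Added example, not from the original guide.
# Assumption: IDs are 32 lowercase hex characters (constructed sample below).

get_id_strict () {
    # Run the command passed as arguments; stop if it fails.
    if ! _gid_out=$("$@"); then
        echo "get_id_strict: command failed: $*" >&2
        return 1
    fi
    # Select the row whose key column is exactly "id", not any line
    # that merely contains " id " somewhere (for example in a description).
    _gid_id=$(printf '%s\n' "$_gid_out" | awk -F'|' '
        { key = $2; val = $3
          gsub(/^[ \t]+|[ \t]+$/, "", key)
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "id" { print val; exit }')
    # Reject empty or malformed values so later steps never run
    # with an empty --service-id or --user_id.
    case "$_gid_id" in
        ""|*[!0-9a-f]*)
            echo "get_id_strict: no valid id in output" >&2
            return 1 ;;
    esac
    if [ "${#_gid_id}" -ne 32 ]; then
        echo "get_id_strict: unexpected id length" >&2
        return 1
    fi
    printf '%s\n' "$_gid_id"
}

# Constructed stand-in for "keystone service-create" table output.
sample_service_create () {
    cat <<'EOF'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Service id registry        |
|      id     | 0123456789abcdef0123456789abcdef |
|     name    |             neutron              |
+-------------+----------------------------------+
EOF
}

# Constructed stand-in for a call that prints an error and no table.
sample_failed_create () {
    echo "constructed error: request failed" >&2
    return 1
}
```

Used in place of get_id, for example NEUTRON_SERVICE_ID=$(get_id_strict keystone service-create ...) || exit 1, the procedure stops at the failing step instead of passing an empty ID to the next command.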