Identity Service

Compute
Networking API and credential configuration
Configure security groups
Configure metadata
Example nova.conf (for nova-compute and nova-api)

Procedure 4.1. To configure the Identity Service for use with Networking

Create the get_id() function
The get_id() function stores the ID of created objects, and removes error-prone copying and pasting of object IDs in later steps:
1. Add the following function to your .bashrc file:
```
$ function get_id () {
echo `"$@" | awk '/ id / { print $4 }'`
}
```
2. Source the .bashrc file:
```
$ source .bashrc
```
Create the Networking service entry
OpenStack Networking must be available in the OpenStack Compute service catalog. Create the service:
```
$ NEUTRON_SERVICE_ID=$(get_id keystone service-create --name neutron --type network --description 'OpenStack Networking Service')
```
Create the Networking service endpoint entry
The way that you create an OpenStack Networking endpoint entry depends on whether you are using the SQL catalog driver or the template catalog driver:
- If you use the SQL driver, run these command with these parameters: specified region ($REGION), IP address of the OpenStack Networking server ($IP), and service ID ($NEUTRON_SERVICE_ID, obtained in the previous step).
```
$ keystone endpoint-create --region $REGION --service-id $NEUTRON_SERVICE_ID --publicurl 'http://$IP:9696/' --adminurl 'http://$IP:9696/' --internalurl 'http://$IP:9696/'
```
  For example:
```
$ keystone endpoint-create --region myregion --service-id $NEUTRON_SERVICE_ID \
--publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/" 
```
- If you are using the template driver, add the following content to your OpenStack Compute catalog template file (default_catalog.templates), using these parameters: given region ($REGION) and IP address of the OpenStack Networking server ($IP).
```
catalog.$REGION.network.publicURL = http://$IP:9696
catalog.$REGION.network.adminURL = http://$IP:9696
catalog.$REGION.network.internalURL = http://$IP:9696
catalog.$REGION.network.name = Network Service
```
  For example:
```
catalog.$Region.network.publicURL = http://10.211.55.17:9696
catalog.$Region.network.adminURL = http://10.211.55.17:9696
catalog.$Region.network.internalURL = http://10.211.55.17:9696
  catalog.$Region.network.name = Network Service
```
Create the Networking service user
You must provide admin user credentials that OpenStack Compute and some internal components of OpenStack Networking can use to access the OpenStack Networking API. The suggested approach is to create a special service tenant, create a neutron user within this tenant, and to assign this user an admin role.
1. Create the admin role:
```
$ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
```
2. Create the neutron user:
```
$ NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$NEUTRON_PASSWORD" [email protected] --tenant-id service)
```
3. Create the service tenant:
```
$ SERVICE_TENANT=$(get_id keystone tenant-create --name service --description "Services Tenant")
```
4. Establish the relationship among the tenant, user, and role:
```
$ keystone user-role-add --user_id $NEUTRON_USER --role_id $ADMIN_ROLE --tenant_id $SERVICE_TENANT
```

For information about how to create service entries and users. see the OpenStack Installation Guide for your distribution (docs.openstack.org).

Log a bug against this page

Legal notices