
 Identity Service

 

Procedure 4.1. To configure the Identity Service for use with Networking

  1. Create the get_id() function

    The get_id() function stores the ID of created objects, and removes error-prone copying and pasting of object IDs in later steps:

    1. Add the following function to your .bashrc file:

      # Run the given command and print the value of the "id" row of its table output.
      function get_id () {
          echo `"$@" | awk '/ id / { print $4 }'`
      }
    2. Source the .bashrc file:

      $ source .bashrc
  2. Create the Networking service entry

    OpenStack Networking must be available in the OpenStack Compute service catalog. Create the service:

    $ NEUTRON_SERVICE_ID=$(get_id keystone service-create --name neutron --type network --description 'OpenStack Networking Service')
  3. Create the Networking service endpoint entry

    The way that you create an OpenStack Networking endpoint entry depends on whether you are using the SQL catalog driver or the template catalog driver:

    • If you use the SQL driver, run this command with these parameters: the specified region ($REGION), the IP address of the OpenStack Networking server ($IP), and the service ID ($NEUTRON_SERVICE_ID, obtained in the previous step).

      $ keystone endpoint-create --region $REGION --service-id $NEUTRON_SERVICE_ID --publicurl "http://$IP:9696/" --adminurl "http://$IP:9696/" --internalurl "http://$IP:9696/"

      For example:

      $ keystone endpoint-create --region myregion --service-id $NEUTRON_SERVICE_ID \
      --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/" 
    • If you are using the template driver, add the following content to your OpenStack Compute catalog template file (default_catalog.templates), using these parameters: given region ($REGION) and IP address of the OpenStack Networking server ($IP).

      catalog.$REGION.network.publicURL = http://$IP:9696
      catalog.$REGION.network.adminURL = http://$IP:9696
      catalog.$REGION.network.internalURL = http://$IP:9696
      catalog.$REGION.network.name = Network Service

      For example:

      catalog.$REGION.network.publicURL = http://10.211.55.17:9696
      catalog.$REGION.network.adminURL = http://10.211.55.17:9696
      catalog.$REGION.network.internalURL = http://10.211.55.17:9696
      catalog.$REGION.network.name = Network Service
  4. Create the Networking service user

    You must provide admin user credentials that OpenStack Compute and some internal components of OpenStack Networking can use to access the OpenStack Networking API. The suggested approach is to create a special service tenant, create a neutron user within this tenant, and assign this user an admin role.

    1. Create the admin role:

      $ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
      
    2. Create the neutron user:

      $ NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$NEUTRON_PASSWORD" --email=EMAIL_ADDRESS --tenant-id service)
      
    3. Create the service tenant:

      $ SERVICE_TENANT=$(get_id keystone tenant-create --name service --description "Services Tenant")
    4. Establish the relationship among the tenant, user, and role:

      $ keystone user-role-add --user_id $NEUTRON_USER --role_id $ADMIN_ROLE --tenant_id $SERVICE_TENANT

For information about how to create service entries and users, see the OpenStack Installation Guide for your distribution (docs.openstack.org).
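
The get_id() function from step 1 returns an empty string with exit status 0 when the wrapped keystone command fails, and its / id / pattern matches any row that contains " id ", so later steps, including the admin role assignment, can run with an empty or wrong ID. The stricter variant below is an added example, not part of the original guide; the name get_id_strict, the sample tables and the 32-hex-digit ID format are assumptions.

```shell
# Added example, not from the original guide; get_id_strict is a hypothetical name.

# Constructed sample of "keystone service-create" output. The description
# contains " id ", which the loose / id / pattern would match as well.
sample_create () {
    cat <<'EOF'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Network id allocation       |
|      id     | 0123456789abcdef0123456789abcdef |
|     name    |             neutron              |
|     type    |             network              |
+-------------+----------------------------------+
EOF
}

# Constructed sample: the command exits 0 but carries no usable ID.
sample_bad () {
    printf '%s\n' '|      id     |               None               |'
}

get_id_strict () (
    # Fail, rather than yield an empty ID, when the wrapped command fails.
    out=$("$@") || { echo "get_id_strict: command failed: $*" >&2; exit 1; }
    # Accept only the row whose Property column is exactly "id".
    id=$(printf '%s\n' "$out" | awk -F'|' '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "id") { print val; n++ }
        }
        END { exit (n == 1 ? 0 : 1) }') ||
        { echo "get_id_strict: expected exactly one id row" >&2; exit 1; }
    # Assumption: IDs are 32 lowercase hex digits.
    printf '%s\n' "$id" | grep -Eq '^[0-9a-f]{32}$' ||
        { echo "get_id_strict: unexpected id format: $id" >&2; exit 1; }
    printf '%s\n' "$id"
)
```

Because the function returns a non-zero status on any failure, a script can stop on the assignment itself before a later command receives an empty ID.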
