Init keystone data step by step ( by quqi99 )
2013-01-02 22:05
Author: Zhang Hua  Published: 2013-01-02
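Copyright notice: this article may be freely reproduced, provided the reproduction indicates, by hyperlink, the article's original source, the author information and this copyright notice
( http://blog.csdn.net/quqi99 )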
8.1 Create the services:
COMPUTE_ID=$(keystone service-create --name=nova --type=compute --description="Nova Compute Service" |awk -F "|" '$2 ~ /id/ {print $3}')
keystone service-create --name nova-volume --type volume --description 'OpenStack Nova Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'
keystone service-create --name quantum --type network --description 'Openstack Network Service'
[root@node1 ~]# keystone service-list
+----------------------------------+-------------+----------+-------------------------------+
| id                               | name        | type     | description                   |
+----------------------------------+-------------+----------+-------------------------------+
| 08c9dda3576347c49290eebebb7a39cb | quantum     | network  | Openstack Network Service     |
| 5c4fd5fb7b054ce4af29ac4c17b7bee0 | nova        | compute  | OpenStack Compute Service     |
| 70490f9d704e4c368e697126c771e250 | keystone    | identity | OpenStack Identity Service    |
| 7955a55492064fa8b70783616688f881 | glance      | image    | OpenStack Image Service       |
| d0e33c89f72b4cffa2738a6e0ffb1828 | nova-volume | volume   | OpenStack Nova Volume Service |
+----------------------------------+-------------+----------+-------------------------------+
8.2 Create the endpoints:
IDENTITY_ID=70490f9d704e4c368e697126c771e250
COMPUTE_ID=5c4fd5fb7b054ce4af29ac4c17b7bee0
VOLUME_ID=d0e33c89f72b4cffa2738a6e0ffb1828
IMAGE_ID=7955a55492064fa8b70783616688f881
NETWORK_ID=08c9dda3576347c49290eebebb7a39cb
keystone endpoint-create --region=RegionOne --service_id=$IDENTITY_ID --publicurl='http://node1:$(public_port)s/v2.0' --internalurl='http://node1:$(public_port)s/v2.0' --adminurl='http://node1:$(admin_port)s/v2.0'
keystone endpoint-create --region=RegionOne --service_id=$COMPUTE_ID --publicurl='http://node1:$(compute_port)s/v1.1/$(tenant_id)s' --internalurl='http://node1:$(compute_port)s/v1.1/$(tenant_id)s' --adminurl='http://node1:$(compute_port)s/v1.1/$(tenant_id)s'
keystone endpoint-create --region=RegionOne --service_id=$VOLUME_ID --publicurl='http://node1:8776/v1/$(tenant_id)s' --internalurl='http://node1:8776/v1/$(tenant_id)s' --adminurl='http://node1:8776/v1/$(tenant_id)s'
keystone endpoint-create --region=RegionOne --service_id=$IMAGE_ID --publicurl='http://node1:9292/v1' --internalurl='http://node1:9292/v1' --adminurl='http://node1:9292/v1'
keystone endpoint-create --region=RegionOne --service_id=$NETWORK_ID --publicurl='http://node1:9696/' --internalurl='http://node1:9696/' --adminurl='http://node1:9696/'
8.3 You can use the following script to create the admin user:
# SERVICE_TOKEN must match admin_token in keystone.conf
SERVICE_TOKEN=ADMIN
ADMIN_PASSWORD=password
SERVICE_ENDPOINT=http://node1:35357/v2.0
export SERVICE_TOKEN=$SERVICE_TOKEN
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
# Run the given command and print the value from the "id" row of its output table
function get_id(){
    echo `"$@" | grep ' id ' | awk '{print $4}'`
}
ADMIN_TENANT=`get_id keystone tenant-create --name=admin`
ADMIN_USER=`get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@example.com`
ADMIN_ROLE=`get_id keystone role-create --name=admin`
KEYSTONESERVICE_ROLE=`get_id keystone role-create --name=KeystoneServiceAdmin`
# Grant both roles to the admin user in the admin tenant
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
echo $?
Or you can do it step by step as below:
8.3.1 Create the roles:
keystone role-create --name KeystoneServiceAdmin
keystone role-create --name Admin
keystone role-create --name Member
keystone role-create --name sysadmin
keystone role-create --name netadmin
8.3.2 Create the tenants and users. One user can belong to multiple tenants, and the admin user can access all tenants.
keystone tenant-create --name admin
keystone tenant-create --name tenant1
keystone tenant-create --name tenant2
keystone user-create --name admin --tenant_id cfdf5ed5e5b44d04a608627775a8c5ed --pass password --email admin@cn.ibm.com --enabled true
keystone user-create --name hua --tenant_id 82f45edf672b4d9280b59a046d906ef9 --pass password --email hua@cn.ibm.com --enabled true
Note: user hua's other tenant is associated with the following command (repeated in 8.3.5 below):
keystone user-role-add --user-id 10b10ece31cb4617ac36dac10249791c --role-id 0e79b691e5934e2ab41882f931fa8b7d --tenant_id=0215ab0266c54f578d34614d01a7d05d
[root@node1 ~]# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 0215ab0266c54f578d34614d01a7d05d | tenant2 | True    |
| 82f45edf672b4d9280b59a046d906ef9 | tenant1 | True    |
| cfdf5ed5e5b44d04a608627775a8c5ed | admin   | True    |
+----------------------------------+---------+---------+
[root@node1 ~]# keystone user-list
+----------------------------------+-------+---------+------------------+
| id                               | name  | enabled | email            |
+----------------------------------+-------+---------+------------------+
| 10b10ece31cb4617ac36dac10249791c | hua   | True    | hua@cn.ibm.com   |
| 198cb7a91a5d4e03b959924a16bf2fc9 | admin | True    | admin@cn.ibm.com |
+----------------------------------+-------+---------+------------------+
[root@node1 ~]# keystone role-list
+----------------------------------+----------------------+
| id                               | name                 |
+----------------------------------+----------------------+
| 0e79b691e5934e2ab41882f931fa8b7d | Member               |
| 1fc6404b6b194e768a6b79b365c15523 | sysadmin             |
| 5beddbed11c6457989ef29295a3b6a05 | KeystoneServiceAdmin |
| 968b63e22684429fa3e66d99865038c4 | Admin                |
| c81ea6a629274de6bc5863640723d6bf | netadmin             |
+----------------------------------+----------------------+
8.3.3 Only the admin user can manage keystone, so add the KeystoneServiceAdmin role to the admin user for each tenant:
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 5beddbed11c6457989ef29295a3b6a05 --tenant_id=0215ab0266c54f578d34614d01a7d05d
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 5beddbed11c6457989ef29295a3b6a05 --tenant_id=82f45edf672b4d9280b59a046d906ef9
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 5beddbed11c6457989ef29295a3b6a05 --tenant_id=cfdf5ed5e5b44d04a608627775a8c5ed
8.3.4 Add the Admin role to the admin user for each tenant:
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 968b63e22684429fa3e66d99865038c4 --tenant_id=0215ab0266c54f578d34614d01a7d05d
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 968b63e22684429fa3e66d99865038c4 --tenant_id=82f45edf672b4d9280b59a046d906ef9
keystone user-role-add --user-id 198cb7a91a5d4e03b959924a16bf2fc9 --role-id 968b63e22684429fa3e66d99865038c4 --tenant_id=cfdf5ed5e5b44d04a608627775a8c5ed
8.3.5 The ordinary user hua belongs to two tenants, so add the Member role to the hua user for each tenant:
keystone user-role-add --user-id 10b10ece31cb4617ac36dac10249791c --role-id 0e79b691e5934e2ab41882f931fa8b7d --tenant_id=0215ab0266c54f578d34614d01a7d05d
keystone user-role-add --user-id 10b10ece31cb4617ac36dac10249791c --role-id 0e79b691e5934e2ab41882f931fa8b7d --tenant_id=82f45edf672b4d9280b59a046d906ef9
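Added example, not part of the original post: steps 8.3.3 to 8.3.5 paste IDs by hand, and role names such as Admin, sysadmin and netadmin differ only by a substring, so this bash example resolves role IDs by exact name and prints the grants as a dry run. The helper names id_by_name and grant_cmds are hypothetical, and the embedded tables are sample input constructed from the listings on this page.

```bash
#!/usr/bin/env bash
# Added example: look up keystone IDs by exact name, then print the role grants.
# Constructed input: the role-list and tenant-list tables printed above. On a
# live node these would be ROLE_LIST=$(keystone role-list) and so on.
ROLE_LIST='| id | name |
| 0e79b691e5934e2ab41882f931fa8b7d | Member |
| 1fc6404b6b194e768a6b79b365c15523 | sysadmin |
| 5beddbed11c6457989ef29295a3b6a05 | KeystoneServiceAdmin |
| 968b63e22684429fa3e66d99865038c4 | Admin |
| c81ea6a629274de6bc5863640723d6bf | netadmin |'
TENANT_LIST='| id | name | enabled |
| 0215ab0266c54f578d34614d01a7d05d | tenant2 | True |
| 82f45edf672b4d9280b59a046d906ef9 | tenant1 | True |
| cfdf5ed5e5b44d04a608627775a8c5ed | admin | True |'
ADMIN_USER_ID=198cb7a91a5d4e03b959924a16bf2fc9   # admin, from the user-list

# id_by_name NAME (hypothetical helper): reads a "*-list" table on stdin and
# prints the id whose name column equals NAME exactly; fails unless exactly
# one row matches, so "admin" can never resolve to sysadmin or netadmin.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 && trim($3) == want { id = trim($2); n++ }
        END { if (n != 1) exit 1; print id }'
}

# grant_cmds USER_ID ROLE_NAME (hypothetical helper): dry run that prints one
# user-role-add per tenant instead of executing it; review, then pipe to sh.
grant_cmds() {
    gc_role=$(printf '%s\n' "$ROLE_LIST" | id_by_name "$2") || return 1
    printf '%s\n' "$TENANT_LIST" |
        awk -F'|' 'NF >= 4 { gsub(/ /, "", $2)
            if (length($2) == 32 && $2 ~ /^[0-9a-f]+$/) print $2 }' |
        while read -r gc_tenant; do
            echo "keystone user-role-add --user-id $1 --role-id $gc_role --tenant_id=$gc_tenant"
        done
}

grant_cmds "$ADMIN_USER_ID" KeystoneServiceAdmin   # section 8.3.3
grant_cmds "$ADMIN_USER_ID" Admin                  # section 8.3.4
```

A role name that does not match exactly one row makes grant_cmds return non-zero and print nothing, so a misspelled name cannot silently grant a different role.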