Consolidate catalog management guide
We already have an admin guide on creating services in the catalog and creating service users, so reduce the duplication in the configuration guide. Change-Id: I1de964753b8c6c95af10b8c84501e4f74ca382e4
This commit is contained in:
parent
b25a655793
commit
fed5f52c8a
|
@ -128,13 +128,27 @@ Create service users
|
|||
+-------------+----------------------------------+
|
||||
|
||||
#. Create service users for the relevant services for your
|
||||
deployment.
|
||||
deployment. For example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack user create nova --password Sekr3tPass
|
||||
+---------------------+----------------------------------+
|
||||
| Field | Value |
|
||||
+---------------------+----------------------------------+
|
||||
| domain_id | default |
|
||||
| enabled | True |
|
||||
| id | 95ec3e1d5dd747f5a512d261731d29c7 |
|
||||
| name | nova |
|
||||
| options | {} |
|
||||
| password_expires_at | None |
|
||||
+---------------------+----------------------------------+
|
||||
|
||||
#. Assign the admin role to the user-project pair.
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack role add --project service --user SERVICE_USER_NAME admin
|
||||
$ openstack role add --project service --user nova admin
|
||||
+-------+----------------------------------+
|
||||
| Field | Value |
|
||||
+-------+----------------------------------+
|
||||
|
|
|
@ -18,82 +18,6 @@
|
|||
Configuring Keystone
|
||||
====================
|
||||
|
||||
Setting up other OpenStack Services
|
||||
===================================
|
||||
|
||||
Creating Service Users
|
||||
----------------------
|
||||
|
||||
To configure the OpenStack services with service users, we need to create
|
||||
a project for all the services, and then users for each of the services. We
|
||||
then assign those service users an ``admin`` role on the service project. This
|
||||
allows them to validate tokens - and to authenticate and authorize other user
|
||||
requests.
|
||||
|
||||
Create a project for the services, typically named ``service`` (however, the
|
||||
name can be whatever you choose):
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack project create service
|
||||
|
||||
Create service users for ``nova``, ``glance``, ``swift``, and ``neutron``
|
||||
(or whatever subset is relevant to your deployment):
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack user create nova --password Sekr3tPass --project service
|
||||
|
||||
Repeat this for each service you want to enable.
|
||||
|
||||
Create an administrative role for the service accounts, typically named
|
||||
``admin`` (however the name can be whatever you choose). For adding the
|
||||
administrative role to the service accounts, you'll need to know the
|
||||
name of the role you want to add. If you don't have it handy, you can look it
|
||||
up quickly with:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack role list
|
||||
|
||||
Once you have it, grant the administrative role to the service users.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack role add admin --project service --user nova
|
||||
|
||||
Defining Services
|
||||
-----------------
|
||||
|
||||
Keystone also acts as a service catalog to let other OpenStack systems know
|
||||
where relevant API endpoints exist for OpenStack Services. The OpenStack
|
||||
Dashboard, in particular, uses this heavily - and this **must** be configured
|
||||
for the OpenStack Dashboard to properly function.
|
||||
|
||||
The endpoints for these services are defined in a template, an example of
|
||||
which is in the project as the file ``etc/default_catalog.templates``.
|
||||
|
||||
Keystone supports two means of defining the services, one is the catalog
|
||||
template, as described above - in which case everything is detailed in that
|
||||
template.
|
||||
|
||||
The other is a SQL backend for the catalog service, in which case after
|
||||
Keystone is online, you need to add the services to the catalog:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openstack service create compute --name nova \
|
||||
--description "Nova Compute Service"
|
||||
$ openstack service create ec2 --name ec2 \
|
||||
--description "EC2 Compatibility Layer"
|
||||
$ openstack service create image --name glance \
|
||||
--description "Glance Image Service"
|
||||
$ openstack service create identity --name keystone \
|
||||
--description "Keystone Identity Service"
|
||||
$ openstack service create object-store --name swift \
|
||||
--description "Swift Service"
|
||||
|
||||
|
||||
Identity sources
|
||||
================
|
||||
|
||||
|
|
Loading…
Reference in New Issue