openstack/magnum
Code Issues Proposed changes
magnum/install-guide/source/common/prerequisites.rst
Spyros Trigazis 67de6c537a Add user-domain in role creation 
We must add the user-domain to ensure than the user is from
the magnum domain.

Change-Id: I8defb35f745f7df2e20deea759a43ef1bb47d248
Closes-bug: #1635202
2016-11-01 14:06:44 +01:00

189 lines
7.5 KiB
ReStructuredText
Raw Blame History

Prerequisites
-------------
Before you install and configure the Container Infrastructure Management
service, you must create a database, service credentials, and API endpoints.
#. To create the database, complete these steps:
* Use the database access client to connect to the database
server as the ``root`` user:
.. code-block:: console
$ mysql -u root -p
* Create the ``magnum`` database:
.. code-block:: console
CREATE DATABASE magnum;
* Grant proper access to the ``magnum`` database:
.. code-block:: console
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'controller' \
IDENTIFIED BY 'MAGNUM_DBPASS';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \
IDENTIFIED BY 'MAGNUM_DBPASS';
Replace ``MAGNUM_DBPASS`` with a suitable password.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ . admin-openrc
#. To create the service credentials, complete these steps:
* Create the ``magnum`` user:
.. code-block:: console
$ openstack user create --domain default \
--password-prompt magnum
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a8ebafc275c54d389dfc1bff8b4fe286 |
| name | magnum |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``magnum`` user:
.. code-block:: console
$ openstack role add --project service --user magnum admin
.. note::
This command provides no output.
* Create the ``magnum`` service entity:
.. code-block:: console
$ openstack service create --name magnum \
--description "OpenStack Container Infrastructure Management Service" \
container-infra
+-------------+-------------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management Service |
| enabled | True |
| id | 194faf83e8fd4e028e5ff75d3d8d0df2 |
| name | magnum |
| type | container-infra |
+-------------+-------------------------------------------------------+
#. Create the Container Infrastructure Management service API endpoints:
.. code-block:: console
$ openstack endpoint create --region RegionOne \
container-infra public http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cb137e6366ad495bb521cfe92d8b8858 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra internal http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 17cbc3b6f51449a0a818118d6d62868d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra admin http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 30f8888e6b6646d7b5cd14354c95a684 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
#. Magnum requires additional information in the Identity service to
manage COE clusters. To add this information, complete these steps:
* Create the ``magnum`` domain that contains projects and users:
.. code-block:: console
$ openstack domain create --description "Owns users and projects \
created by magnum" magnum
+-------------+-------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled | True |
| id | 66e0469de9c04eda9bc368e001676d20 |
| name | magnum |
+-------------+-------------------------------------------+
* Create the ``magnum_domain_admin`` user to manage projects and users
in the ``magnum`` domain:
.. code-block:: console
$ openstack user create --domain magnum --password-prompt \
magnum_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 66e0469de9c04eda9bc368e001676d20 |
| enabled | True |
| id | 529b81cf35094beb9784c6d06c090c2b |
| name | magnum_domain_admin |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``magnum_domain_admin`` user in the
``magnum`` domain to enable administrative management privileges
by the ``magnum_domain_admin`` user:
.. code-block:: console
$ openstack role add --domain magnum --user-domain magnum --user \
magnum_domain_admin admin
.. note::
This command provides no output.
View Git Blame Copy Permalink