Editing Keystone Services

Edited the document for clarity: addressed punctuation
points in the keystone services section, and also added edits
to clarify the Identity Concepts section. Moved content from the
Keystone Services section to the Identity Concepts
section.

Change-Id: I94d21ba16f89ea2ba12166bab3f6893091bccbbf
Implements: blueprint installation-guide-improvements
Joseph Robinson 2014-06-05 14:08:51 +10:00
parent 726fa1da31
commit ca395c88ec
2 changed files with 55 additions and 52 deletions

@ -16,8 +16,12 @@
endpoints.</para> endpoints.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>When installing OpenStack Identity service, you must register
each service in your OpenStack installation. Identity service
can then track which OpenStack services are installed, and
where they are located on the network.</para>
<para>To understand OpenStack Identity, you must understand the <para>To understand OpenStack Identity, you must understand the
following concepts:</para> following concepts:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>User</term> <term>User</term>
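
Review bot: The added paragraph names the component two ways, "OpenStack Identity service" and "Identity service", while the next paragraph uses "OpenStack Identity" and the Credentials entry further down uses "Identity Service". Pick one form and add the missing article, for example "When installing the OpenStack Identity Service, ..." and "The Identity Service can then track ...", so the paragraph is consistent with the rest of the section.
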
@ -35,10 +39,10 @@
<varlistentry> <varlistentry>
<term>Credentials</term> <term>Credentials</term>
<listitem> <listitem>
<para>Data that confirms the user's identity. For example, user <para>Data that confirms the user's identity. For
name and password; user name and API key; or an example: user name and password, user name and API
authentication token provided by the Identity key, or an authentication token provided by the
Service.</para> Identity Service.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
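
Review bot: In the Credentials entry, replacing the semicolons with commas makes the list harder to parse, because each item already contains "and": "user name and password, user name and API key, or an authentication token" no longer shows where one credential type ends and the next begins. Keep the semicolons as list separators, or turn the three credential types into an itemized list.
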
@ -49,7 +53,7 @@
by validating a set of credentials supplied by the by validating a set of credentials supplied by the
user.</para> user.</para>
<para>These credentials are initially a user name and <para>These credentials are initially a user name and
password; or a user name and API key. When user password, or a user name and API key. When user
credentials are validated, OpenStack Identity issues an credentials are validated, OpenStack Identity issues an
authentication token which the user provides in subsequent authentication token which the user provides in subsequent
requests.</para> requests.</para>
@ -58,34 +62,34 @@
<varlistentry> <varlistentry>
<term>Token</term> <term>Token</term>
<listitem> <listitem>
<para>An arbitrary bit of text that is used to access <para>An alpha-numeric string of text used to access
resources. Each token has information which defines OpenStack APIs and resources. A token may be
access to resources. A token may be revoked at any time revoked at any time and is valid for a
and is valid for a finite duration.</para> finite duration.</para>
<para>While OpenStack Identity supports token-based <para>While OpenStack Identity supports token-based
authentication in this release, the intention is authentication in this release, the intention is
to support additional protocols in the future. Its main to support additional protocols in the future.
purpose is to be an integration service, and not aspire to Its main purpose is to be an integration service,
be a full-fledged identity store and management and not aspire to be a full-fledged identity store
solution.</para> and management solution.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Tenant</term> <term>Tenant</term>
<listitem> <listitem>
<para>A container used to group or isolate resources <para>A container used to group or isolate resources.
and/or identity objects. Depending on the service Tenants also group or isolate identity objects.
operator, a tenant may map to a customer, account, Depending on the service operator, a tenant may map
organization, or project.</para> to a customer, account, organization, or project.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Service</term> <term>Service</term>
<listitem> <listitem>
<para>An OpenStack service, such as Compute (nova), <para>An OpenStack service, such as Compute (nova),
Object Storage (swift), or Image Service (glance). It Object Storage (swift), or Image Service (glance).
provides one or more endpoints through which users can It provides one or more endpoints in which
access resources and perform operations.</para> users can access resources and perform operations.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
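
Review bot: The rewritten Token definition drops the sentence "Each token has information which defines access to resources", which was the only statement in this entry that a token carries the scope of what it may access; keep that sentence alongside the new wording. "An alpha-numeric string of text" is also a narrower claim than the old "arbitrary bit of text" and becomes wrong if any token format uses other characters, so "a string of text" is safer. In the Service entry, "endpoints in which users can access resources" reads worse than the original "through which".
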
@ -110,6 +114,17 @@
resources each role grants access.</para> resources each role grants access.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>Keystone Client</term>
<listitem>
<para>A command line interface for the OpenStack
Identity API. For example, users can run the
<command>keystone service-create</command> and
<command>keystone endpoint-create</command> commands
to register services in their OpenStack
installations.</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
<para>The following diagram shows the OpenStack Identity process <para>The following diagram shows the OpenStack Identity process
flow:</para> flow:</para>
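
Review bot: The new "Keystone Client" entry sits in a list introduced as concepts the reader must understand, but it describes a tool, and it names keystone service-create and keystone endpoint-create without saying what each does. The other file in this commit deletes the list items that explained them ("Describes the service." and "Associates API endpoints with the service."), so that explanation no longer appears anywhere in this change. Carry the two descriptions into this entry, or keep them in the procedure section.
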
@ -117,12 +132,12 @@
<imageobject role="fo"> <imageobject role="fo">
<imagedata <imagedata
fileref="figures/SCH_5002_V00_NUAC-Keystone.png" fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
format="PNG" scale="40"/> format="PNG" contentwidth="6in"/>
</imageobject> </imageobject>
<imageobject role="html"> <imageobject role="html">
<imagedata <imagedata
fileref="figures/SCH_5002_V00_NUAC-Keystone.png" fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
format="PNG" scale="10"/> format="PNG" contentwidth="6in"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</section> </section>
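
Review bot: Both imagedata elements change from a scale attribute to contentwidth="6in", including the one under imageobject role="html", where the old value (scale="10") differed from the fo value (scale="40"). A fixed six-inch width now applies to both outputs; confirm the HTML build renders the diagram at a sensible size, and mention the image change in the commit message, which currently describes only text edits.
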

@ -2,25 +2,12 @@
xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="keystone-services" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="keystone-services"
version="5.0" os="rhel;centos;fedora;opensuse;sles;ubuntu"> version="5.0" os="rhel;centos;fedora;opensuse;sles;ubuntu">
<title>Define services and API endpoints</title> <title>Define services and API endpoints</title>
<para>So that the Identity Service can track which OpenStack services are
installed and where they are located on the network, you must register each
service in your OpenStack installation. To register a service, run these
commands:</para>
<itemizedlist>
<listitem>
<para><command>keystone service-create</command>. Describes the
service.</para>
</listitem>
<listitem>
<para><command>keystone endpoint-create</command>. Associates
<glossterm baseform="API endpoint">API endpoints</glossterm>
with the service.</para>
</listitem>
</itemizedlist>
<para>You must also register the Identity Service itself. Use the
<code>OS_SERVICE_TOKEN</code> environment variable, as set previously, for
authentication.</para>
<procedure> <procedure>
<step>
<para>Register the identity service itself using the
<code>OS_SERVICE_TOKEN</code> environment variable, as set
previously, for authentication.</para>
</step>
<step> <step>
<para>Create a service entry for the Identity Service:</para> <para>Create a service entry for the Identity Service:</para>
<screen><prompt>$</prompt> <userinput>keystone service-create --name=keystone --type=identity \ <screen><prompt>$</prompt> <userinput>keystone service-create --name=keystone --type=identity \
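
Review bot: The new first step is not an action the reader can carry out: "Register the identity service itself using the OS_SERVICE_TOKEN environment variable" summarises the steps that follow, and the procedure now starts with no introductory para. Move the sentence back above the procedure element as a lead-in, as the removed "You must also register the Identity Service itself." paragraph did, and capitalise "Identity Service" to match the next step.
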
@ -33,15 +20,16 @@
| name | keystone | | name | keystone |
| type | identity | | type | identity |
+-------------+----------------------------------+</computeroutput></screen> +-------------+----------------------------------+</computeroutput></screen>
<para>The service ID is randomly generated and is different from the one <para>The service ID is randomly generated and is different from
shown here.</para> the one shown here.</para>
</step> </step>
<step> <step>
<para>Specify an API endpoint for the Identity Service by using the <para>Specify an API endpoint for the Identity Service by using
returned service ID. When you specify an endpoint, you provide URLs for the returned service ID. When you specify an endpoint, you
the public API, internal API, and admin API. In this guide, the provide URLs for the public API, internal API, and admin API.
<literal>controller</literal> host name is used. Note that the In this guide, the <literal>controller</literal> host name is
Identity Service uses a different port for the admin API.</para> used. Note that the Identity Service uses a different port for
the admin API.</para>
<screen><prompt>$</prompt> <userinput>keystone endpoint-create \ <screen><prompt>$</prompt> <userinput>keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \ --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \ --publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
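
Review bot: The changes to the two paragraphs in this hunk are re-wrapping only; the wording is identical on both sides. Leave the line breaks as they were so the diff shows only the edits described in the commit message.
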
@ -61,10 +49,10 @@
</procedure> </procedure>
<note> <note>
<para> <para>
You will need to create an additional endpoint for each service added to You will need to create an additional endpoint for each service
your OpenStack environment. The sections of this guide associated with added to your OpenStack environment. The sections of this guide
the installation of each service include the endpoint creation step associated with the installation of each service include the
specific to the service. endpoint creation step specific to the service.
</para> </para>
</note> </note>
</section> </section>