3c42bf4f1b
This patch adds Debian specifics for the Keystone install chapter. Note that this is a break-down of: https://review.openstack.org/54394/ into smaller patches. backport: havana Change-Id: I9c7383f3daffab06fbe12d35208923eda00b5207
64 lines
3.0 KiB
XML
64 lines
3.0 KiB
XML
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xml:id="keystone-services"
|
|
os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<title>Defining Services and API Endpoints</title>
|
|
|
|
<para>The Identity Service also tracks what OpenStack services are
|
|
installed and where to locate them on the network. For each service
|
|
on your OpenStack installation, you must call
|
|
<command>keystone service-create</command> to describe the service
|
|
and <command>keystone endpoint-create</command> to specify the API
|
|
endpoints associated with the service.</para>
|
|
|
|
<para>For now, create a service for the Identity Service itself.
|
|
This will allow you to stop using the authorization token and instead
|
|
use normal authentication when using the <command>keystone</command>
|
|
command in the future.</para>
|
|
|
|
<para>First, create a service entry for the Identity Service.</para>
|
|
|
|
<screen><prompt>#</prompt> <userinput>keystone service-create --name=keystone --type=identity \
|
|
--description="Keystone Identity Service"</userinput>
|
|
<computeroutput>+-------------+----------------------------------+
|
|
| Property | Value |
|
|
+-------------+----------------------------------+
|
|
| description | Keystone Identity Service |
|
|
| id | 15c11a23667e427e91bc31335b45f4bd |
|
|
| name | keystone |
|
|
| type | identity |
|
|
+-------------+----------------------------------+</computeroutput></screen>
|
|
|
|
<para>The service id is randomly generated, and will be different
|
|
from the one shown above when you run the command. Next, specify
|
|
an API endpoint for the Identity Service using the service id you
|
|
received. When you specify an endpoint, you provide three URLs
|
|
for the public API, the internal API, and the admin API. In this
|
|
guide, we use the hostname <literal>controller</literal>. Note
|
|
that the Identity Service uses a different port for the admin
|
|
API.</para>
|
|
|
|
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
|
|
--service-id=<replaceable>the_service_id_above</replaceable> \
|
|
--publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
|
|
--internalurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
|
|
--adminurl=http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
|
|
<computeroutput>+-------------+-----------------------------------+
|
|
| Property | Value |
|
|
+-------------+-----------------------------------+
|
|
| adminurl | http://controller:35357/v2.0 |
|
|
| id | 11f9c625a3b94a3f8e66bf4e5de2679f |
|
|
| internalurl | http://controller:5000/v2.0 |
|
|
| publicurl | http://controller:5000/v2.0 |
|
|
| region | regionOne |
|
|
| service_id | 15c11a23667e427e91bc31335b45f4bd |
|
|
+-------------+-----------------------------------+
|
|
</computeroutput>
|
|
</screen>
|
|
|
|
<para>As you add other services to your OpenStack installation, you
|
|
will call these commands again to register those services with the
|
|
Identity Service.</para>
|
|
|
|
</section>
|