openstack/openstack-manuals
Code Issues Proposed changes
6f3b65f959
openstack-manuals/doc/install-guide/section_keystone-services.xml
Matthew Kassawara 1496c9b050 Update keystone content for Juno 
I updated keystone content in the installation guide for Juno
as follows:

1) Added step to manually create '_member_' role because
   source/package no longer creates it automatically.
2) Removed defunct 'log_dir' workaround for Ubuntu.
3) Explicitly created endpoint with 'regionOne' region to avoid
   inconsistent defaults.
4) Recommended enabling verbose logging.
5) Removed prompts specific to MySQL because most distributions
   will use MariaDB.
6) Improved consistency with similar content from other services
   as approved with the installation guide improvements project.

Change-Id: I46a95f9a29bfab4da9961d2393f33ff65c46aec4
2014-09-15 14:15:36 -05:00

85 lines
4.2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="keystone-services"
os="ubuntu;rhel;centos;fedora;sles;opensuse">
<title>Create the service entity and API endpoint</title>
<para>After you create tenants, users, and roles, you must create the
<glossterm>service</glossterm> entity and
<glossterm>API endpoint</glossterm> for the Identity service.</para>
<procedure>
<title>To configure prerequisites</title>
<step>
<para>Set the <envar>OS_SERVICE_TOKEN</envar> and
<envar>OS_SERVICE_ENDPOINT</envar> environment variables, as described
in <xref linkend="keystone-users"/>.</para>
</step>
</procedure>
<procedure>
<title>To create the service entity and API endpoint</title>
<step>
<para>The Identity service manages a catalog of services in your
OpenStack environment. Services use this catalog to locate other
services in your environment.</para>
<para>Create the service entity for the Identity service:</para>
<screen><prompt>$</prompt> <userinput>keystone service-create --name keystone --type identity \
--description "OpenStack Identity"</userinput>
<computeroutput>+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 15c11a23667e427e91bc31335b45f4bd |
| name | keystone |
| type | identity |
+-------------+----------------------------------+</computeroutput></screen>
<note>
<para>Because OpenStack generates IDs dynamically, you will see
different values from this example command output.</para>
</note>
</step>
<step>
<para>The Identity service manages a catalog of API endpoints associated
with the services in your OpenStack environment. Services use this
catalog to determine how to communicate with other services in your
environment.</para>
<para>OpenStack provides three API endpoint variations for each service:
admin, internal, and public. In a production environment, the variants
might reside on separate networks that service different types of users
for security reasons. Also, OpenStack supports multiple regions for
scalability. For simplicity, this configuration uses the management
network for all endpoint variations and the
<literal>regionOne</literal> region.</para>
<para>Create the API endpoint for the Identity service:</para>
<screen><prompt>$</prompt> <userinput>keystone endpoint-create \
--service-id $(keystone service-list | awk '/ identity / {print $2}') \
--publicurl http://<replaceable>controller</replaceable>:5000/v2.0 \
--internalurl http://<replaceable>controller</replaceable>:5000/v2.0 \
--adminurl http://<replaceable>controller</replaceable>:35357/v2.0 \
--region regionOne</userinput>
<computeroutput>+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://controller:35357/v2.0 |
| id | 11f9c625a3b94a3f8e66bf4e5de2679f |
| internalurl | http://controller:5000/v2.0 |
| publicurl | http://controller:5000/v2.0 |
| region | regionOne |
| service_id | 15c11a23667e427e91bc31335b45f4bd |
+-------------+----------------------------------+</computeroutput></screen>
<note>
<para>This command references the ID of the service that you created
in the previous step.</para>
</note>
</step>
</procedure>
<note>
<para>Each service that you add to your OpenStack environment requires
adding information such as API endpoints to the Identity service. The
sections of this guide that cover service installation include steps
to add the appropriate information to the Identity service.</para>
</note>
</section>
View Git Blame Copy Permalink