How to Create the Service Tenant and Service Users
Harish
harish.appmajix at gmail.com
Wed Jan 20 13:21:17 UTC 2021
Creating the Service Tenant and Service Users
After you install the Identity service, create tenants
(projects), users and roles for your environment to authenticate
against. Without users, OpenStack cloud does not have much value
as they allow access to services and endpoints.
With the service endpoints already created, we can now configure
them so that our OpenStack services can utilize them. To do this,
each service is configured with a username and password within a
special service tenant. Configuring each service to have their
own username and password allows for greater security,
troubleshooting and, auditing within our environment. For each
service that uses an OpenStack Identity service for
authentication and authorization, we specify these details in
their relevant configuration file, when setting up that service.
Each service itself has to authenticate with keystone in order
for it to be available within OpenStack. The configuration of
that service is then done using these credentials. For example,
for ‘glance’ we specify the following in /etc/
glance/glance-registry-api.ini, when used with OpenStack Identity
service, which matches what we have created previously:
[filter:authtoken]
paste.filter_factory =
keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.16.0.200
service_port = 5000
auth_host = 172.16.0.200
auth_port = 35357
auth_protocol = http
auth_uri = https:// 172.16.0.200: 5000/
admin_tenant_name = service
admin_user = glance
admin_password = glance
Getting started
To begin with, ensure you’re logged into our OpenStack Controller
host— where OpenStack Identity service has been installed— or an
appropriate Ubuntu client that has access to where OpenStack
Identity service is installed.
To log on to our OpenStack Controller host that was created using
Vagrant, issue the following command:
vagrant ssh controller
If the keystone client tool isn’t available, this can be
installed on an Ubuntu client to manage our OpenStack Identity
service, by issuing the following command:
sudo apt-get update
sudo apt-get -y install python-keystoneclient
Ensure that we have our environment set correctly to access our
OpenStack environment:
export ENDPOINT = 1172.16.0.200
export SERVICE_TOKEN = ADMIN
export
SERVICE_ENDPOINT = https:// ${ ENDPOINT}: 35357/ v2.0
How to achieve it…
To configure an appropriate service tenant, carry out the
following steps:
1) Create the service tenant (these are the organizational units
in cloud to which you can assign users) as follows:
keystone tenant-create
–name service
–description “Service Tenant”
–enabled true
Read More
-https://mindmajix.com/openstack/description-for-creating-service-tenant-and-service-users
More information about the Digitalmars-d
mailing list