Couch to open_stack_keystone

Transcript

  • 1. Identity - Keystone Couch To OpenStack
  • 2. Some Logistics
      - Subscribe & Recordings: http://bit.ly/BrownbagPodcast
      - Sign up for the rest of the series: http://openstack.prov12n.com/about-couch-to-openstack/
  • 3. Join the conversation
      On Twitter: #vBrownBag
      Also: @cody_bunch
  • 4. Buy the Book
      - New Edition: http://www.packtpub.com/openstack-cloud-computing-cookbook-second-edition/book
      - Old Edition: http://amzn.to/12eI6rX
  • 5. The Rest of the Series
      7/2/2013 – Intro to OpenStack < Recording here: http://buff.ly/1cQZ3xC
      7/9/2013 – Vagrant Primer < Recording here: http://bit.ly/149FnWt
      7/16/2013 – Identity services (Keystone) << We Are Here
      7/23/2013 – Image services (Glance)
      7/30/2013 – Compute Services (Nova)
      8/6/2013 – Block Storage / Volume Services (Cinder)
      8/13/2013 – Networking Services (Quantum)
      8/20/2013 – Monitoring & Troubleshooting
      8/27/2013 – HA OpenStack
      9/3/2013 – DevOps Deployments
      Note: Dates are subject to change depending on how far we get in each lesson.
  • 6. Homework Review
      Y’all did the homework right?
      Remember we have a G+ Support group here: https://plus.google.com/communities/101663052588382171429
  • 7. Build Time!
      - git clone https://github.com/bunchc/Couch_to_OpenStack.git
      - cd Couch_to_OpenStack
      - vagrant up
  • 8. Build – What’s it doing?
      - Adds the Grizzly packages for Ubuntu
      - Sets a bunch of variables
      - Installs MySQL
      - Creates a DB
      - Creates a User
      - Assigns User to DB
      - Installs keystone
      - Configs keystone
      - Creates a user / tenant / endpoint, etc
  • 9. Keystone Intro
      - Identity Management Service
      - Provides centralized Authentication and Authorization for OpenStack Services
      - …
      Let’s take a look:
  • 10. Keystone Intro
  • 11. Concepts - Users
      - Users
          - A User or Service
          - Set of credentials
              - User / Pass
              - User / API Key
              - User / RSA Token
              - etc
  • 12. Concepts - Tenants
      - Tenant
          - A collection of resources
              - Instances in Nova
              - Networks in Neutron
              - Images in Glance
          - aka “projects”
  • 13. Concepts - Roles
      - Role
          - Binds a user to a tenant
          - Privileges or Rights on a set of resources
          - For example
              - Access to networks
              - Ability to upload images
              - Access to consoles
  • 14. Concepts – Token
      - Token
          - Arbitrary bit of text
          - Provides context & scope for authorization
          - PKI Tokens in Grizzly
              - keystone.token.providers.pki.Provider
          - Additional providers in the future
  • 15. Concepts – Service
      - Service
          - An OpenStack Service
              - Keystone
              - Cinder
              - Nova
              - etc
          - Provides “endpoints”, or URLs users can use to operate the services
  • 16. Concepts – Endpoint
      - Endpoint
          - Network Address / URL for a service
              - Admin
              - Internal
              - Public
  • 17. Concepts – Reference
      - http://docs.openstack.org/trunk/openstack-identity/admin/content/Identity-Service-Concepts-e1362.html
      - http://www.slideshare.net/kamesh001/openstack-keystone
      - http://docs.openstack.org/developer/keystone/configuration.html
  • 18. Using Keystone!
      - vagrant ssh controller
      - sudo su -
      - cat .stackrc
          - export OS_TENANT_NAME=cookbook
          - export OS_USERNAME=admin
          - export OS_PASSWORD=openstack
          - export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/
      - source .stackrc
  • 19. List Services
      - keystone service-list
      +----------------------------------+----------+----------+---------------------------+
      |                id                |   name   |   type   |        description        |
      +----------------------------------+----------+----------+---------------------------+
      | cd9aedf1430e48aa9d63af7c52581aa0 | cinder   | volume   | Cinder Volume Service     |
      | 9ed2fcefaf70476896b7b5dd3fff1a8c | ec2      | ec2      | EC2 Compatibility Layer   |
      | 830ed2c03fd742a586c5c378f6c540e0 | glance   | image    | Glance Image Service      |
      | 9103fbbc247248ea9132025e91ba7025 | keystone | identity | Keystone Identity Service |
      | e75645d65beb4a95a79d1b3cabf7f256 | nova     | compute  | Nova Compute Service      |
      +----------------------------------+----------+----------+---------------------------+
      - keystone service-get <UUID>
      +-------------+----------------------------------+
      |   Property  |              Value               |
      +-------------+----------------------------------+
      | description | Keystone Identity Service        |
      | id          | 9103fbbc247248ea9132025e91ba7025 |
      | name        | keystone                         |
      | type        | identity                         |
      +-------------+----------------------------------+
  • 20. List Users
      # keystone user-list
      +----------------------------------+------------+---------+-------+
      |                id                |    name    | enabled | email |
      +----------------------------------+------------+---------+-------+
      | 390f2da1b41447aea3fa87f3feb77159 | admin      | True    |       |
      | e2d55836f1d64e7d9131eedb222803ea | cinder     | True    |       |
      | 690ba1fd20104b7db99873c02d7497a3 | glance     | True    |       |
      | 62b9f4c6924749deb80c2f3e0ed86df8 | monitoring | True    |       |
      | 3b57d891ef9649c087d6c7259f0cdf80 | nova       | True    |       |
      +----------------------------------+------------+---------+-------+
      # keystone user-get 3b57d891ef9649c087d6c7259f0cdf80
      +----------+----------------------------------+
      | Property |              Value               |
      +----------+----------------------------------+
      | email    |                                  |
      | enabled  | True                             |
      | id       | 3b57d891ef9649c087d6c7259f0cdf80 |
      | name     | nova                             |
      | tenantId | 5551bace71ff4d3f891176fe22cb3016 |
      +----------+----------------------------------+
  • 21. List Tenants
      # keystone tenant-list
      +----------------------------------+---------+---------+
      |                id                |   name  | enabled |
      +----------------------------------+---------+---------+
      | e9f36d967ce249398f223da966fac706 | admin   | True    |
      | 5551bace71ff4d3f891176fe22cb3016 | service | True    |
      +----------------------------------+---------+---------+
      # keystone tenant-get 5551bace71ff4d3f891176fe22cb3016
      +-------------+----------------------------------+
      |   Property  |              Value               |
      +-------------+----------------------------------+
      | description | service Tenant                   |
      | enabled     | True                             |
      | id          | 5551bace71ff4d3f891176fe22cb3016 |
      | name        | service                          |
      +-------------+----------------------------------+
  • 22. List Endpoints
      # keystone endpoint-list
      +----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
      |                id                |   region  |                 publicurl                 |                internalurl                |                  adminurl                 |            service_id            |
      +----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
      | 087c7b7b7a4c433c97414db7187d0ac1 | RegionOne | http://10.178.22.42:8773/services/Cloud   | http://10.178.22.42:8773/services/Cloud   | http://10.178.22.42:8773/services/Admin   | 9ed2fcefaf70476896b7b5dd3fff1a8c |
      | 520e98d49f5e4c23a93f278cf12a4b22 | RegionOne | http://10.178.22.42:5000/v2.0             | http://10.178.22.42:5000/v2.0             | http://10.178.22.42:35357/v2.0            | 9103fbbc247248ea9132025e91ba7025 |
      | 8c253aea03cb445fbe5549bf65baf430 | RegionOne | http://10.178.22.42:9292/v1               | http://10.178.22.42:9292/v1               | http://10.178.22.42:9292/v1               | 830ed2c03fd742a586c5c378f6c540e0 |
      | ec3a2237002c4dbdb4db365fbc961aa1 | RegionOne | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | cd9aedf1430e48aa9d63af7c52581aa0 |
      | f9aa590ca08346a6a4a228b993cdcf39 | RegionOne | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | e75645d65beb4a95a79d1b3cabf7f256 |
      +----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
      # keystone endpoint-get --service identity
      +--------------------+-------------------------------+
      |      Property      |             Value             |
      +--------------------+-------------------------------+
      | identity.publicURL | http://10.178.22.42:5000/v2.0 |
      +--------------------+-------------------------------+
  • 23. Homework!
      We’re going to need some things to make Glance work next week. Specifically, you’ll want a role, endpoint, service, and maybe some others in keystone. Additionally, like getting keystone up and running, let’s try to get glance installed for next week as well.
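
Added example (not part of the original deck): how the concepts on slides 11 to 16 fit together in one Keystone v2.0 token exchange, using the .stackrc values from slide 18 and the identity endpoint URLs from slide 22. The response is a constructed sample, the token, tenant and user ids are placeholders, and the function names are illustrative.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a Keystone v2.0 POST /tokens response (not captured output).
# URLs match the identity endpoint on slide 22; ids and times are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"access": {
  "token": {"id": "CONSTRUCTED-TOKEN-ID", "expires": "2013-07-17T18:00:00Z",
            "tenant": {"id": "CONSTRUCTED-TENANT-ID", "name": "cookbook"}},
  "user": {"id": "CONSTRUCTED-USER-ID", "name": "admin", "roles": [{"name": "admin"}]},
  "serviceCatalog": [{"type": "identity", "name": "keystone", "endpoints": [
    {"region": "RegionOne", "publicURL": "http://10.178.22.42:5000/v2.0",
     "internalURL": "http://10.178.22.42:5000/v2.0",
     "adminURL": "http://10.178.22.42:35357/v2.0"}]}]}}
""")

def build_auth_request(env):
    """Body for POST <OS_AUTH_URL>tokens: user credentials plus the tenant to scope to."""
    return {"auth": {"tenantName": env["OS_TENANT_NAME"],
                     "passwordCredentials": {"username": env["OS_USERNAME"],
                                             "password": env["OS_PASSWORD"]}}}

def summarize_access(resp, now):
    """Extract user, tenant scope, roles, expiry state and endpoints from a token response."""
    access = resp["access"]
    token = access["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    endpoints = {}
    for svc in access.get("serviceCatalog", []):
        for ep in svc["endpoints"]:  # last region wins; enough for a one-region lab
            endpoints[svc["type"]] = {k: ep[k] for k in ("publicURL", "internalURL", "adminURL")}
    return {"user": access["user"]["name"],
            "tenant": token.get("tenant", {}).get("name"),  # None = unscoped token
            "roles": sorted(r["name"] for r in access["user"].get("roles", [])),
            "expired": now >= expires.replace(tzinfo=timezone.utc),
            "endpoints": endpoints}

def plaintext_endpoints(summary):
    """(service type, interface) pairs served over plain http, where tokens travel unencrypted."""
    return sorted((stype, iface) for stype, urls in summary["endpoints"].items()
                  for iface, url in urls.items() if url.startswith("http://"))

if __name__ == "__main__":
    env = {"OS_TENANT_NAME": "cookbook", "OS_USERNAME": "admin", "OS_PASSWORD": "openstack"}
    print(json.dumps(build_auth_request(env)))
    summary = summarize_access(SAMPLE_RESPONSE, datetime(2013, 7, 16, 18, 0, tzinfo=timezone.utc))
    print(summary["user"], summary["tenant"], summary["roles"], summary["expired"])
    print(plaintext_endpoints(summary))
```

The user supplies credentials, the tenant sets the scope, the returned token carries the roles, and the service catalog lists each service's admin, internal and public endpoints.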