• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Couch to open_stack_keystone
 

Couch to open_stack_keystone

on

  • 2,125 views

 

Statistics

Views

Total Views
2,125
Views on SlideShare
722
Embed Views
1,403

Actions

Likes
1
Downloads
41
Comments
0

6 Embeds 1,403

http://openstack.prov12n.com 1367
https://twitter.com 21
http://cloud.feedly.com 8
https://www.google.com 3
http://www.google.co.uk 2
http://www.google.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Couch to open_stack_keystone Couch to open_stack_keystone Presentation Transcript

    • Identity - Keystone Couch To OpenStack
    • - Subscribe & Recordings: http://bit.ly/BrownbagPodcast - Sign up for the rest of the series: http://openstack.prov12n.com/about-couch-to-openstack/ Some Logistics
    • On Twitter: #vBrownBag Also: @cody_bunch Join the conversation
    • - New Edition: http://www.packtpub.com/openstack-cloud- computing-cookbook-second-edition/book - Old Edition: http://amzn.to/12eI6rX Buy the Book
    • 7/2/2013 – Intro to OpenStack < Recording here: http://buff.ly/1cQZ3xC 7/9/2013 – Vagrant Primer < Recording here: http://bit.ly/149FnWt 7/16/2013 – Identity services (Keystone) << We Are Here 7/23/2013 – Image services (Glance) 7/30/2013 – Compute Services (Nova) 8/6/2013 – Block Storage / Volume Services (Cinder) 8/13/2013 – Networking Services (Quantum) 8/20/2013 - Monitoring & Troubleshooting 8/27/2013 - HA OpenStack 9/3/2013 – DevOps Deployments Note: Dates are subject to change depending on how far we get in each lesson. The Rest of the Series
    • Y’all did the homework right? Remember we have a G+ Support group here: https://plus.google.com/communities/1016630525883821 71429 Homework Review
    • - git clone https://github.com/bunchc/Couch_to_OpenStack.git - cd Couch_to_OpenStack - vagrant up Build Time!
    • - Adds the Grizzly packages for Ubuntu - Set’s a bunch of variables - Installs MySQL - Creates a DB - Creates a User - Assigns User to DB - Installs keystone - Configs keystone - Creates a user / tenant / endpoint, etc Build – What’s it doing?
    • - Identity Management Service - Provides centralized Authentication and Authorization for OpenStack Services - … Let’s take a look: Keystone Intro
    • Keystone Intro
    • - Users - A User or Service - Set of credentials - User / Pass - User / API Key - User / RSA Token - etc Concepts - Users
    • - Tenant - A collection of resources - Instances in Nova - Networks in Neutron - Images in Glance - aka “projects” Concepts - Tenants
    • - Role - Binds a user to a tenant - Privileges or Rights on a set of resources - For example - Access to networks - Ability to upload images - Access to consoles Concepts - Roles
    • - Token - Arbitrary bit of text - Provides context & scope for authorization - PKI Tokens in Grizzly - keystone.token.providers.pki.Provider - Additional providers in the future Concepts – Token
    • - Service - An OpenStack Service - Keystone - Cinder - Nova - etc - Provides “endpoints”, or URLs users can use to operate the services Concepts – Service
    • - Endpoint - Network Address / URL for a service - Admin - Internal - Public Concepts – Endpoint
    • - http://docs.openstack.org/trunk/openstack- identity/admin/content/Identity-Service-Concepts- e1362.html - http://www.slideshare.net/kamesh001/openstack- keystone - http://docs.openstack.org/developer/keystone/configur ation.html Concepts – Reference
    • - vagrant ssh controller - sudo su - - cat .stackrc - export OS_TENANT_NAME=cookbook - export OS_USERNAME=admin - export OS_PASSWORD=openstack - export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/ - source .stackrc Using Keystone!
    • - keystone service-list +----------------------------------+----------+----------+---------------------------+ | id | name | type | description | +----------------------------------+----------+----------+---------------------------+ | cd9aedf1430e48aa9d63af7c52581aa0 | cinder | volume | Cinder Volume Service | | 9ed2fcefaf70476896b7b5dd3fff1a8c | ec2 | ec2 | EC2 Compatibility Layer | | 830ed2c03fd742a586c5c378f6c540e0 | glance | image | Glance Image Service | | 9103fbbc247248ea9132025e91ba7025 | keystone | identity | Keystone Identity Service | | e75645d65beb4a95a79d1b3cabf7f256 | nova | compute | Nova Compute Service | +----------------------------------+----------+----------+---------------------------+ - keystone service-get <UUID> +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | 9103fbbc247248ea9132025e91ba7025 | | name | keystone | | type | identity | +-------------+----------------------------------+ List Services
    • # keystone user-list +----------------------------------+------------+---------+-------+ | id | name | enabled | email | +----------------------------------+------------+---------+-------+ | 390f2da1b41447aea3fa87f3feb77159 | admin | True | | | e2d55836f1d64e7d9131eedb222803ea | cinder | True | | | 690ba1fd20104b7db99873c02d7497a3 | glance | True | | | 62b9f4c6924749deb80c2f3e0ed86df8 | monitoring | True | | | 3b57d891ef9649c087d6c7259f0cdf80 | nova | True | | +----------------------------------+------------+---------+-------+ # keystone user-get 3b57d891ef9649c087d6c7259f0cdf80 +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 3b57d891ef9649c087d6c7259f0cdf80 | | name | nova | | tenantId | 5551bace71ff4d3f891176fe22cb3016 | +----------+----------------------------------+ List Users
    • # keystone tenant-list +----------------------------------+---------+---------+ | id | name | enabled | +----------------------------------+---------+---------+ | e9f36d967ce249398f223da966fac706 | admin | True | | 5551bace71ff4d3f891176fe22cb3016 | service | True | +----------------------------------+---------+---------+ # keystone tenant-get 5551bace71ff4d3f891176fe22cb3016 +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | service Tenant | | enabled | True | | id | 5551bace71ff4d3f891176fe22cb3016 | | name | service | +-------------+----------------------------------+ List Tenants
    • # keystone endpoint-list +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ | 087c7b7b7a4c433c97414db7187d0ac1 | RegionOne | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Admin | 9ed2fcefaf70476896b7b5dd3fff1a8c | | 520e98d49f5e4c23a93f278cf12a4b22 | RegionOne | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:35357/v2.0 | 9103fbbc247248ea9132025e91ba7025 | | 8c253aea03cb445fbe5549bf65baf430 | RegionOne | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | 830ed2c03fd742a586c5c378f6c540e0 | | ec3a2237002c4dbdb4db365fbc961aa1 | RegionOne | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | cd9aedf1430e48aa9d63af7c52581aa0 | | f9aa590ca08346a6a4a228b993cdcf39 | RegionOne | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | e75645d65beb4a95a79d1b3cabf7f256 | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ # keystone endpoint-get --service identity +--------------------+-------------------------------+ | Property | Value | +--------------------+-------------------------------+ | identity.publicURL | http://10.178.22.42:5000/v2.0 | +--------------------+-------------------------------+ List Endpoints
    • We’re going to need some things to make Glance work next week. Specifically, you’ll want a role, endpoint, service, and maybe some others in keystone. Additionally, like getting keystone up and running, let’s try to get glance installed for next week as well. Homework!