Uploaded byProfessionalVMware
PPTX, PDF3,381 views

Couch to open_stack_keystone

This document provides an overview and introduction to the Keystone identity service in OpenStack. It defines key concepts in Keystone including users, tenants, roles, tokens, services, and endpoints. It also provides examples of using the keystone CLI to list and get information about users, tenants, services, and endpoints. The document concludes by assigning homework of setting up additional roles, endpoints, and services in Keystone to enable the Glance image service, and installing Glance in preparation for the next session.

Embed presentation

Downloaded 70 times
Identity - Keystone Couch To OpenStack
- Subscribe & Recordings: http://bit.ly/BrownbagPodcast - Sign up for the rest of the series: http://openstack.prov12n.com/about-couch-to-openstack/ Some Logistics
On Twitter: #vBrownBag Also: @cody_bunch Join the conversation
- New Edition: http://www.packtpub.com/openstack-cloud- computing-cookbook-second-edition/book - Old Edition: http://amzn.to/12eI6rX Buy the Book
7/2/2013 – Intro to OpenStack < Recording here: http://buff.ly/1cQZ3xC 7/9/2013 – Vagrant Primer < Recording here: http://bit.ly/149FnWt 7/16/2013 – Identity services (Keystone) << We Are Here 7/23/2013 – Image services (Glance) 7/30/2013 – Compute Services (Nova) 8/6/2013 – Block Storage / Volume Services (Cinder) 8/13/2013 – Networking Services (Quantum) 8/20/2013 - Monitoring & Troubleshooting 8/27/2013 - HA OpenStack 9/3/2013 – DevOps Deployments Note: Dates are subject to change depending on how far we get in each lesson. The Rest of the Series
Y’all did the homework right? Remember we have a G+ Support group here: https://plus.google.com/communities/1016630525883821 71429 Homework Review
- git clone https://github.com/bunchc/Couch_to_OpenStack.git - cd Couch_to_OpenStack - vagrant up Build Time!
- Adds the Grizzly packages for Ubuntu - Set’s a bunch of variables - Installs MySQL - Creates a DB - Creates a User - Assigns User to DB - Installs keystone - Configs keystone - Creates a user / tenant / endpoint, etc Build – What’s it doing?
- Identity Management Service - Provides centralized Authentication and Authorization for OpenStack Services - … Let’s take a look: Keystone Intro
Keystone Intro
- Users - A User or Service - Set of credentials - User / Pass - User / API Key - User / RSA Token - etc Concepts - Users
- Tenant - A collection of resources - Instances in Nova - Networks in Neutron - Images in Glance - aka “projects” Concepts - Tenants
- Role - Binds a user to a tenant - Privileges or Rights on a set of resources - For example - Access to networks - Ability to upload images - Access to consoles Concepts - Roles
- Token - Arbitrary bit of text - Provides context & scope for authorization - PKI Tokens in Grizzly - keystone.token.providers.pki.Provider - Additional providers in the future Concepts – Token
- Service - An OpenStack Service - Keystone - Cinder - Nova - etc - Provides “endpoints”, or URLs users can use to operate the services Concepts – Service
- Endpoint - Network Address / URL for a service - Admin - Internal - Public Concepts – Endpoint
- http://docs.openstack.org/trunk/openstack- identity/admin/content/Identity-Service-Concepts- e1362.html - http://www.slideshare.net/kamesh001/openstack- keystone - http://docs.openstack.org/developer/keystone/configur ation.html Concepts – Reference
- vagrant ssh controller - sudo su - - cat .stackrc - export OS_TENANT_NAME=cookbook - export OS_USERNAME=admin - export OS_PASSWORD=openstack - export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/ - source .stackrc Using Keystone!
- keystone service-list +----------------------------------+----------+----------+---------------------------+ | id | name | type | description | +----------------------------------+----------+----------+---------------------------+ | cd9aedf1430e48aa9d63af7c52581aa0 | cinder | volume | Cinder Volume Service | | 9ed2fcefaf70476896b7b5dd3fff1a8c | ec2 | ec2 | EC2 Compatibility Layer | | 830ed2c03fd742a586c5c378f6c540e0 | glance | image | Glance Image Service | | 9103fbbc247248ea9132025e91ba7025 | keystone | identity | Keystone Identity Service | | e75645d65beb4a95a79d1b3cabf7f256 | nova | compute | Nova Compute Service | +----------------------------------+----------+----------+---------------------------+ - keystone service-get <UUID> +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | 9103fbbc247248ea9132025e91ba7025 | | name | keystone | | type | identity | +-------------+----------------------------------+ List Services
# keystone user-list +----------------------------------+------------+---------+-------+ | id | name | enabled | email | +----------------------------------+------------+---------+-------+ | 390f2da1b41447aea3fa87f3feb77159 | admin | True | | | e2d55836f1d64e7d9131eedb222803ea | cinder | True | | | 690ba1fd20104b7db99873c02d7497a3 | glance | True | | | 62b9f4c6924749deb80c2f3e0ed86df8 | monitoring | True | | | 3b57d891ef9649c087d6c7259f0cdf80 | nova | True | | +----------------------------------+------------+---------+-------+ # keystone user-get 3b57d891ef9649c087d6c7259f0cdf80 +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 3b57d891ef9649c087d6c7259f0cdf80 | | name | nova | | tenantId | 5551bace71ff4d3f891176fe22cb3016 | +----------+----------------------------------+ List Users
# keystone tenant-list +----------------------------------+---------+---------+ | id | name | enabled | +----------------------------------+---------+---------+ | e9f36d967ce249398f223da966fac706 | admin | True | | 5551bace71ff4d3f891176fe22cb3016 | service | True | +----------------------------------+---------+---------+ # keystone tenant-get 5551bace71ff4d3f891176fe22cb3016 +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | service Tenant | | enabled | True | | id | 5551bace71ff4d3f891176fe22cb3016 | | name | service | +-------------+----------------------------------+ List Tenants
# keystone endpoint-list +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ | 087c7b7b7a4c433c97414db7187d0ac1 | RegionOne | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Admin | 9ed2fcefaf70476896b7b5dd3fff1a8c | | 520e98d49f5e4c23a93f278cf12a4b22 | RegionOne | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:35357/v2.0 | 9103fbbc247248ea9132025e91ba7025 | | 8c253aea03cb445fbe5549bf65baf430 | RegionOne | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | 830ed2c03fd742a586c5c378f6c540e0 | | ec3a2237002c4dbdb4db365fbc961aa1 | RegionOne | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | cd9aedf1430e48aa9d63af7c52581aa0 | | f9aa590ca08346a6a4a228b993cdcf39 | RegionOne | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | e75645d65beb4a95a79d1b3cabf7f256 | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ # keystone endpoint-get --service identity +--------------------+-------------------------------+ | Property | Value | +--------------------+-------------------------------+ | identity.publicURL | http://10.178.22.42:5000/v2.0 | +--------------------+-------------------------------+ List Endpoints
We’re going to need some things to make Glance work next week. Specifically, you’ll want a role, endpoint, service, and maybe some others in keystone. Additionally, like getting keystone up and running, let’s try to get glance installed for next week as well. Homework!

More Related Content

PPTX
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
byTrevor Roberts Jr.
 
PPTX
Couch to OpenStack: Nova - July, 30, 2013
byTrevor Roberts Jr.
 
PPTX
Couch to OpenStack: Glance - July, 23, 2013
byTrevor Roberts Jr.
 
PPTX
Couch to OpenStack: Cinder - August 6, 2013
byTrevor Roberts Jr.
 
PDF
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
PDF
Weird things we've seen with OpenStack Neutron
byNick Jones
 
PDF
Painless ruby deployment on shelly cloud
byGiedrius Rimkus
 
PDF
CloudStack and cloud-init
byMarcusS13
 
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
byTrevor Roberts Jr.
 
Couch to OpenStack: Nova - July, 30, 2013
byTrevor Roberts Jr.
 
Couch to OpenStack: Glance - July, 23, 2013
byTrevor Roberts Jr.
 
Couch to OpenStack: Cinder - August 6, 2013
byTrevor Roberts Jr.
 
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
Weird things we've seen with OpenStack Neutron
byNick Jones
 
Painless ruby deployment on shelly cloud
byGiedrius Rimkus
 
CloudStack and cloud-init
byMarcusS13
 

What's hot

PDF
How to operate containerized OpenStack
byNalee Jang
 
PPTX
Vagrant
byDenys Haryachyy
 
PDF
2015 DockerCon Using Docker in production at bity.com
byMathieu Buffenoir
 
PDF
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
PDF
openstack源码分析(1)
bycannium
 
PDF
CoreOSによるDockerコンテナのクラスタリング
byYuji ODA
 
PPTX
[오픈소스컨설팅] Linux Network Troubleshooting
byOpen Source Consulting
 
PPT
On MongoDB backup
byWilliam Yeh
 
PDF
Openstack at NTT Feb 7, 2011
byOpen Stack
 
PPTX
Mininet multiple controller
byCatur Mei Rahayu
 
PDF
Nova: Openstack Compute-as-a-service
byPratik Bandarkar
 
PDF
Trivadis TechEvent 2017 With the CLI through the Oracle Cloud Martin Berger
byTrivadis
 
PDF
OpenNebulaConf2015 2.02 Backing up your VM’s with Bacula - Alberto García
byOpenNebula Project
 
PDF
Declare your infrastructure: InfraKit, LinuxKit and Moby
byMoby Project
 
PPTX
Seamless migration from nova network to neutron in e bay production
byChengyuan Li
 
PDF
CloudOps CloudStack Days, Austin April 2015
byCloudOps2005
 
PDF
Build Your Own CaaS (Container as a Service)
byHungWei Chiu
 
ODP
Testing Wi-Fi with OSS Tools
byAll Things Open
 
PDF
CloudInit Introduction
byPublicis Sapient Engineering
 
PPTX
Cloud init and cloud provisioning [openstack summit vancouver]
byJoshua Harlow
 
How to operate containerized OpenStack
byNalee Jang
 
Vagrant
byDenys Haryachyy
 
2015 DockerCon Using Docker in production at bity.com
byMathieu Buffenoir
 
Small, Simple, and Secure: Alpine Linux under the Microscope
byDocker, Inc.
 
openstack源码分析(1)
bycannium
 
CoreOSによるDockerコンテナのクラスタリング
byYuji ODA
 
[오픈소스컨설팅] Linux Network Troubleshooting
byOpen Source Consulting
 
On MongoDB backup
byWilliam Yeh
 
Openstack at NTT Feb 7, 2011
byOpen Stack
 
Mininet multiple controller
byCatur Mei Rahayu
 
Nova: Openstack Compute-as-a-service
byPratik Bandarkar
 
Trivadis TechEvent 2017 With the CLI through the Oracle Cloud Martin Berger
byTrivadis
 
OpenNebulaConf2015 2.02 Backing up your VM’s with Bacula - Alberto García
byOpenNebula Project
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
byMoby Project
 
Seamless migration from nova network to neutron in e bay production
byChengyuan Li
 
CloudOps CloudStack Days, Austin April 2015
byCloudOps2005
 
Build Your Own CaaS (Container as a Service)
byHungWei Chiu
 
Testing Wi-Fi with OSS Tools
byAll Things Open
 
CloudInit Introduction
byPublicis Sapient Engineering
 
Cloud init and cloud provisioning [openstack summit vancouver]
byJoshua Harlow
 

Viewers also liked

PDF
Making Glance tasks work for you - OpenStack Summit May 2015 Vancouver
byBrian Rosmaita
 
PDF
8 Key Facts about the Keystone Pipeline
byU.S. Chamber of Commerce
 
PDF
Open stack networking_101_part-1
byyfauser
 
PPTX
OpenStack Storage Overview
byBharat Kumar Kobagana
 
PDF
OpenStack keystone identity service
byopenstackindia
 
PPTX
Deep Dive into Keystone Tokens and Lessons Learned
byPriti Desai
 
PDF
OpenStack Architecture
byMirantis
 
Making Glance tasks work for you - OpenStack Summit May 2015 Vancouver
byBrian Rosmaita
 
8 Key Facts about the Keystone Pipeline
byU.S. Chamber of Commerce
 
Open stack networking_101_part-1
byyfauser
 
OpenStack Storage Overview
byBharat Kumar Kobagana
 
OpenStack keystone identity service
byopenstackindia
 
Deep Dive into Keystone Tokens and Lessons Learned
byPriti Desai
 
OpenStack Architecture
byMirantis
 

Similar to Couch to open_stack_keystone

PPTX
Aptira presents OpenStack keystone identity service
byOpenStack
 
PPTX
OpenStack Keystone
byDeepti Ramakrishna
 
PPTX
Keystone - Openstack Identity Service
byPrasad Mukhedkar
 
PPTX
Identity service keystone ppt
byuniversity of Gujrat, pakistan
 
PDF
Oct 2012 state of project keystone
byJoseph Heck
 
ODP
Getting started with RDO Havana
byDan Radez
 
PPT
Openstack presentation
bySankalp Jain
 
PDF
Openstack 101
byPOSSCON
 
PDF
Openstack 2013 1
byLuis Gervaso
 
PPTX
OpenStack GDL : Hacking keystone | 20 Octubre 2014
byVictor Morales
 
PDF
OpenStack: Security Beyond Firewalls
byGiuseppe Paterno'
 
PDF
Openstack: security beyond firewalls
byGARL
 
PPTX
Building IAM for OpenStack
bySteve Martinelli
 
PDF
Red Hat Forum Tokyo - OpenStack Architecture
byDan Radez
 
PPTX
OpenStack Toronto Meetup - Keystone 101
bySteve Martinelli
 
PDF
CIS 2015- Building IAM for OpenStack- Steve Martinelli
byCloudIDSummit
 
PDF
Spring 2012 state of project keystone
byJoseph Heck
 
PPT
Shmoocon 2013 - OpenStack Security Brief
byopenfly
 
PDF
Build your own private openstack cloud
byNUTC, imac
 
PDF
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
bySadique Puthen
 
Aptira presents OpenStack keystone identity service
byOpenStack
 
OpenStack Keystone
byDeepti Ramakrishna
 
Keystone - Openstack Identity Service
byPrasad Mukhedkar
 
Identity service keystone ppt
byuniversity of Gujrat, pakistan
 
Oct 2012 state of project keystone
byJoseph Heck
 
Getting started with RDO Havana
byDan Radez
 
Openstack presentation
bySankalp Jain
 
Openstack 101
byPOSSCON
 
Openstack 2013 1
byLuis Gervaso
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
byVictor Morales
 
OpenStack: Security Beyond Firewalls
byGiuseppe Paterno'
 
Openstack: security beyond firewalls
byGARL
 
Building IAM for OpenStack
bySteve Martinelli
 
Red Hat Forum Tokyo - OpenStack Architecture
byDan Radez
 
OpenStack Toronto Meetup - Keystone 101
bySteve Martinelli
 
CIS 2015- Building IAM for OpenStack- Steve Martinelli
byCloudIDSummit
 
Spring 2012 state of project keystone
byJoseph Heck
 
Shmoocon 2013 - OpenStack Security Brief
byopenfly
 
Build your own private openstack cloud
byNUTC, imac
 
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
bySadique Puthen
 

More from ProfessionalVMware

PPTX
#vBrownBag OpenStack - Review & Kickoff for Phase 2
byProfessionalVMware
 
PPTX
Portland VMware User Conference 2013 - Afternoon Keynote
byProfessionalVMware
 
PPTX
Vagrant
byProfessionalVMware
 
PPTX
ProfessionalVMware BrownBag VCP5 Section3: Storage
byProfessionalVMware
 
PPTX
vCloud Architecture BrownBag
byProfessionalVMware
 
PPTX
BrownBag - vCloud Networking
byProfessionalVMware
 
PPTX
ProfessionalVMware BrownBag - SMB Design
byProfessionalVMware
 
PDF
Wade Holmes vCloud Architecture Toolkit
byProfessionalVMware
 
PDF
ProfessionalVMware BrownBag (Jason Boche) - VCAP-DCD Objective 1
byProfessionalVMware
 
PPTX
VMworld 2011 - PowerCLI 101
byProfessionalVMware
 
PPTX
ProfessionalVMware VCAP BrownBag Section 2
byProfessionalVMware
 
PPTX
vSphere vStorage: Troubleshooting Performance
byProfessionalVMware
 
PPT
VCAP-DCA Lightning Round Q&A
byProfessionalVMware
 
PPTX
Vcap dca section 1
byProfessionalVMware
 
#vBrownBag OpenStack - Review & Kickoff for Phase 2
byProfessionalVMware
 
Portland VMware User Conference 2013 - Afternoon Keynote
byProfessionalVMware
 
Vagrant
byProfessionalVMware
 
ProfessionalVMware BrownBag VCP5 Section3: Storage
byProfessionalVMware
 
vCloud Architecture BrownBag
byProfessionalVMware
 
BrownBag - vCloud Networking
byProfessionalVMware
 
ProfessionalVMware BrownBag - SMB Design
byProfessionalVMware
 
Wade Holmes vCloud Architecture Toolkit
byProfessionalVMware
 
ProfessionalVMware BrownBag (Jason Boche) - VCAP-DCD Objective 1
byProfessionalVMware
 
VMworld 2011 - PowerCLI 101
byProfessionalVMware
 
ProfessionalVMware VCAP BrownBag Section 2
byProfessionalVMware
 
vSphere vStorage: Troubleshooting Performance
byProfessionalVMware
 
VCAP-DCA Lightning Round Q&A
byProfessionalVMware
 
Vcap dca section 1
byProfessionalVMware
 

Recently uploaded

PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Workflow and decision Automation with Flowable
bychakib ch
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 

Couch to open_stack_keystone

  • 1.
  • 2.
    - Subscribe &Recordings: http://bit.ly/BrownbagPodcast - Sign up for the rest of the series: http://openstack.prov12n.com/about-couch-to-openstack/ Some Logistics
  • 3.
    On Twitter: #vBrownBag Also:@cody_bunch Join the conversation
  • 4.
    - New Edition:http://www.packtpub.com/openstack-cloud- computing-cookbook-second-edition/book - Old Edition: http://amzn.to/12eI6rX Buy the Book
  • 5.
    7/2/2013 – Introto OpenStack < Recording here: http://buff.ly/1cQZ3xC 7/9/2013 – Vagrant Primer < Recording here: http://bit.ly/149FnWt 7/16/2013 – Identity services (Keystone) << We Are Here 7/23/2013 – Image services (Glance) 7/30/2013 – Compute Services (Nova) 8/6/2013 – Block Storage / Volume Services (Cinder) 8/13/2013 – Networking Services (Quantum) 8/20/2013 - Monitoring & Troubleshooting 8/27/2013 - HA OpenStack 9/3/2013 – DevOps Deployments Note: Dates are subject to change depending on how far we get in each lesson. The Rest of the Series
  • 6.
    Y’all did thehomework right? Remember we have a G+ Support group here: https://plus.google.com/communities/1016630525883821 71429 Homework Review
  • 7.
    - git clone https://github.com/bunchc/Couch_to_OpenStack.git -cd Couch_to_OpenStack - vagrant up Build Time!
  • 8.
    - Adds theGrizzly packages for Ubuntu - Set’s a bunch of variables - Installs MySQL - Creates a DB - Creates a User - Assigns User to DB - Installs keystone - Configs keystone - Creates a user / tenant / endpoint, etc Build – What’s it doing?
  • 9.
    - Identity ManagementService - Provides centralized Authentication and Authorization for OpenStack Services - … Let’s take a look: Keystone Intro
  • 10.
  • 11.
    - Users - AUser or Service - Set of credentials - User / Pass - User / API Key - User / RSA Token - etc Concepts - Users
  • 12.
    - Tenant - Acollection of resources - Instances in Nova - Networks in Neutron - Images in Glance - aka “projects” Concepts - Tenants
  • 13.
    - Role - Bindsa user to a tenant - Privileges or Rights on a set of resources - For example - Access to networks - Ability to upload images - Access to consoles Concepts - Roles
  • 14.
    - Token - Arbitrarybit of text - Provides context & scope for authorization - PKI Tokens in Grizzly - keystone.token.providers.pki.Provider - Additional providers in the future Concepts – Token
  • 15.
    - Service - AnOpenStack Service - Keystone - Cinder - Nova - etc - Provides “endpoints”, or URLs users can use to operate the services Concepts – Service
  • 16.
    - Endpoint - NetworkAddress / URL for a service - Admin - Internal - Public Concepts – Endpoint
  • 17.
  • 18.
    - vagrant sshcontroller - sudo su - - cat .stackrc - export OS_TENANT_NAME=cookbook - export OS_USERNAME=admin - export OS_PASSWORD=openstack - export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/ - source .stackrc Using Keystone!
  • 19.
    - keystone service-list +----------------------------------+----------+----------+---------------------------+ |id | name | type | description | +----------------------------------+----------+----------+---------------------------+ | cd9aedf1430e48aa9d63af7c52581aa0 | cinder | volume | Cinder Volume Service | | 9ed2fcefaf70476896b7b5dd3fff1a8c | ec2 | ec2 | EC2 Compatibility Layer | | 830ed2c03fd742a586c5c378f6c540e0 | glance | image | Glance Image Service | | 9103fbbc247248ea9132025e91ba7025 | keystone | identity | Keystone Identity Service | | e75645d65beb4a95a79d1b3cabf7f256 | nova | compute | Nova Compute Service | +----------------------------------+----------+----------+---------------------------+ - keystone service-get <UUID> +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | 9103fbbc247248ea9132025e91ba7025 | | name | keystone | | type | identity | +-------------+----------------------------------+ List Services
  • 20.
    # keystone user-list +----------------------------------+------------+---------+-------+ |id | name | enabled | email | +----------------------------------+------------+---------+-------+ | 390f2da1b41447aea3fa87f3feb77159 | admin | True | | | e2d55836f1d64e7d9131eedb222803ea | cinder | True | | | 690ba1fd20104b7db99873c02d7497a3 | glance | True | | | 62b9f4c6924749deb80c2f3e0ed86df8 | monitoring | True | | | 3b57d891ef9649c087d6c7259f0cdf80 | nova | True | | +----------------------------------+------------+---------+-------+ # keystone user-get 3b57d891ef9649c087d6c7259f0cdf80 +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 3b57d891ef9649c087d6c7259f0cdf80 | | name | nova | | tenantId | 5551bace71ff4d3f891176fe22cb3016 | +----------+----------------------------------+ List Users
  • 21.
    # keystone tenant-list +----------------------------------+---------+---------+ |id | name | enabled | +----------------------------------+---------+---------+ | e9f36d967ce249398f223da966fac706 | admin | True | | 5551bace71ff4d3f891176fe22cb3016 | service | True | +----------------------------------+---------+---------+ # keystone tenant-get 5551bace71ff4d3f891176fe22cb3016 +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | service Tenant | | enabled | True | | id | 5551bace71ff4d3f891176fe22cb3016 | | name | service | +-------------+----------------------------------+ List Tenants
  • 22.
    # keystone endpoint-list +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ |id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ | 087c7b7b7a4c433c97414db7187d0ac1 | RegionOne | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Cloud | http://10.178.22.42:8773/services/Admin | 9ed2fcefaf70476896b7b5dd3fff1a8c | | 520e98d49f5e4c23a93f278cf12a4b22 | RegionOne | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:5000/v2.0 | http://10.178.22.42:35357/v2.0 | 9103fbbc247248ea9132025e91ba7025 | | 8c253aea03cb445fbe5549bf65baf430 | RegionOne | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | http://10.178.22.42:9292/v1 | 830ed2c03fd742a586c5c378f6c540e0 | | ec3a2237002c4dbdb4db365fbc961aa1 | RegionOne | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | http://10.178.22.42:8776/v1/%(tenant_id)s | cd9aedf1430e48aa9d63af7c52581aa0 | | f9aa590ca08346a6a4a228b993cdcf39 | RegionOne | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | http://10.178.22.42:8774/v2/%(tenant_id)s | e75645d65beb4a95a79d1b3cabf7f256 | +----------------------------------+-----------+-------------------------------------------+--------------------------- ----------------+-------------------------------------------+----------------------------------+ # keystone endpoint-get --service identity +--------------------+-------------------------------+ | Property | Value | +--------------------+-------------------------------+ | identity.publicURL | http://10.178.22.42:5000/v2.0 | +--------------------+-------------------------------+ List Endpoints
  • 23.
    We’re going toneed some things to make Glance work next week. Specifically, you’ll want a role, endpoint, service, and maybe some others in keystone. Additionally, like getting keystone up and running, let’s try to get glance installed for next week as well. Homework!