Keystone

Keystone provides 4 services:

  1. Identity (Authentication)
  2. Token
  3. Policy (Authorization)
  4. Catalog (List of available service endpoints)

Catalog

This is nothing more than a list of the services that OpenStack is configured to provide and their REST-compatible URLs. It could be stored in a file or a DB (recommended).

Keystone configuration

keystone.conf

The Keystone DB config is very important; Keystone can’t work properly without it.

The other important parts of the config file are Token and Cache.
Token parameters can affect Keystone performance.
Keystone uses memcache for caching; the config is under the Cache setting.

CLI

We have 2 options: first the openstack CLI, second the keystone CLI (legacy).

We have USERs, TENANTs and ROLEs.

  • openstack user list — to list user accounts defined in Keystone
  • openstack project create — to create a tenant
  • openstack catalog list — to display the service catalog

We also have the Keystone middleware, which acts as a communication broker. Services use it to connect to Keystone.

Keystone Credential

OpenStack first authenticates each user with a username/password through Keystone, then assigns a token that the user uses to access other OpenStack services.
The user needs these to get the token:
1. where Keystone is
2. tenant and username
3. password
Each openstack command needs the above information; the convenient way is to supply it through environment variables.

Setting up your shell environment

These are the minimum required environment variables to set up the OpenStack credentials.

export OS_AUTH_URL=http://<keystone_ip_address>:5000/v2.0/
export OS_USERNAME=admin
export OS_PASSWORD=<password>
export OS_TENANT_NAME=admin

Set up the environment automatically:
create a file “openstackrc”
put the variables above in it
source the file: “source openstackrc”

We can add the source command to .bashrc to fully automate it.
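
The openstackrc described above holds the admin password in clear text and points at an http:// endpoint, so it is worth checking before it is sourced from .bashrc. The following is an added example, not part of the original notes: audit_openstackrc and write_hardened_rc are hypothetical helper names, and keystone.example.test is a placeholder host.

```sh
# Added example (not from the original notes): audit an openstackrc file.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if missing.
audit_openstackrc() {
    rc_file=$1
    findings=0
    [ -f "$rc_file" ] || { echo "MISSING: $rc_file"; return 2; }

    # The file carries credentials, so group/other must have no access.
    # ls -ld is parsed because stat's flags differ between GNU and BSD.
    mode=$(ls -ld "$rc_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS: group/other bits are '$mode'; use chmod 600"
        findings=$((findings + 1))
    fi

    # A literal value after OS_PASSWORD= means the password sits on disk.
    # Values that start with a $ reference are not flagged.
    assign='^[[:space:]]*(export[[:space:]]+)?'
    if grep -Eq "${assign}OS_PASSWORD=[\"']?[^\$\"'[:space:]]" "$rc_file"; then
        echo "PASSWORD: OS_PASSWORD is stored in clear text"
        findings=$((findings + 1))
    fi

    # Over http:// the password and the issued token cross the network unencrypted.
    if grep -Eq "${assign}OS_AUTH_URL=[\"']?http://" "$rc_file"; then
        echo "TRANSPORT: OS_AUTH_URL uses http://, not https://"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Write a hardened rc file: created 0600, password prompted for when sourced.
# keystone.example.test is a constructed placeholder host.
write_hardened_rc() {
    ( umask 077
      cat > "$1" <<'EOF'
export OS_AUTH_URL=https://keystone.example.test:5000/v2.0/
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
printf 'OpenStack password for %s: ' "$OS_USERNAME" >&2
stty -echo; read -r OS_PASSWORD; stty echo; echo >&2
export OS_PASSWORD
EOF
    )
}
```

Run audit_openstackrc on the rc file before adding the source line to .bashrc; a non-zero return means at least one finding was printed.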

Keystone Commands

openstack project create <project_name>
openstack project list
openstack user create --project <> --password <> --enable <user_name>
openstack user list
openstack role list
openstack role add ..... # assign a role to a user
openstack token issue
openstack catalog list
openstack --help
openstack --debug catalog list
openstack user list
openstack role assignment list
