Procedure 3.1. To Configure Keystone for Quantum
To Create a Quantum Service Entry
Quantum needs to be available in the Keystone service catalog. The steps for this depend on whether you are using Keystone's SQL catalog driver or the template catalog driver.
With the SQL driver, for a given region ($REGION), IP address of the Quantum server ($IP), and service ID ($ID) returned by the Keystone service catalog, run:
keystone service-create --name quantum --type network --description 'OpenStack Networking Service'
Note the ID that keystone returns and substitute it for $ID in the next command.
keystone endpoint-create --region $REGION --service-id $ID --publicurl "http://$IP:9696/" --adminurl "http://$IP:9696/" --internalurl "http://$IP:9696/"
Here's an example with real values:
$ keystone service-create --name quantum --type network --description 'OpenStack Networking Service'
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking Service     |
| id          | 26a55b340e254ad5bb78c0b14391e153 |
| name        | quantum                          |
| type        | network                          |
+-------------+----------------------------------+
$ keystone endpoint-create --region myregion --service-id 26a55b340e254ad5bb78c0b14391e153 \
    --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/"
With the template driver, for a given region ($REGION) and IP address of the Quantum server ($IP), add the following content to your keystone catalog template file (default_catalog.templates).
catalog.$REGION.network.publicURL = http://$IP:9696
catalog.$REGION.network.adminURL = http://$IP:9696
catalog.$REGION.network.internalURL = http://$IP:9696
catalog.$REGION.network.name = Network Service
Here is an example with real values:
catalog.$Region.network.publicURL = http://10.211.55.17:9696
catalog.$Region.network.adminURL = http://10.211.55.17:9696
catalog.$Region.network.internalURL = http://10.211.55.17:9696
catalog.$Region.network.name = Network Service
Create Quantum Service User
For Nova to talk to the Quantum API, and for some internal Quantum components to communicate with it, you must give them admin user credentials to use when accessing the Quantum API. The suggested approach is to create a special 'service' tenant, create a 'quantum' user within this tenant, and assign this user the 'admin' role. Check the IDs of the user, role and tenant.
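For example, where get_id is a shell helper (not defined here) that runs the given command and prints the id from its output: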
$ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
$ QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$QUANTUM_PASSWORD" --email=demo@example.com --tenant-id service)
$ keystone user-role-add --user_id $QUANTUM_USER --role_id $ADMIN_ROLE --tenant_id service
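The get_id helper used in the commands above is not defined on this page. The following is an added example (not from the original guide) of one way to write it, so that the IDs keystone prints are captured and checked rather than copied by hand. The names extract_id and sample_service_create are hypothetical, and the 32-hex-character check is an assumption based on the ID format shown in the example output.

```bash
# Constructed sample: the service-create output shown earlier on this page,
# standing in for a live keystone call so the example runs offline.
sample_service_create() {
    cat <<'EOF'
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking Service     |
| id          | 26a55b340e254ad5bb78c0b14391e153 |
| name        | quantum                          |
| type        | network                          |
+-------------+----------------------------------+
EOF
}

# extract_id: read a keystone CLI table on stdin and print the value of the
# row whose property is exactly "id". Exits non-zero if there is no such row.
extract_id() {
    awk -F'|' '
        { key = $2; val = $3
          gsub(/^[ \t]+|[ \t]+$/, "", key)
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "id" { print val; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# get_id: run the given command and print the id from its table output.
# Fails if the command fails, if no id row is present (for example an error
# message instead of a table), or if the value is not 32 lowercase hex
# characters (assumed ID format), so a malformed value never reaches the
# next command line.
get_id() {
    _out=$("$@") || return 1
    _id=$(printf '%s\n' "$_out" | extract_id) || return 1
    printf '%s\n' "$_id" | grep -Eq '^[0-9a-f]{32}$' || return 1
    printf '%s\n' "$_id"
}

# Demo on the constructed sample. Against a live Keystone this would be:
#   ID=$(get_id keystone service-create --name quantum --type network \
#        --description 'OpenStack Networking Service')
ID=$(get_id sample_service_create) && echo "service id: $ID"
```
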
See the Keystone Administrator Guide for more details about creating service entries and service users.