Atom feed of this document
 

 Keystone Configuration for Quantum

 

Procedure 3.1. To Configure Keystone for Quantum

  1. To Create a Quantum Service Entry

    Quantum needs to be available in the  Keystone service catalog.  The steps for this depend on whether you are using Keystone's SQL catalog driver or the template catalog driver.

    With the SQL driver, for a given region ($REGION), IP address of the Quantum server ($IP), and service ID ($ID) returned by the Keystone service catalog, run:

    keystone service-create --name quantum --type network --description 'OpenStack Networking Service'

    Make a note of the ID returned by keystone and put it in the $ID location.

    keystone endpoint-create --region $REGION --service-id $ID --publicurl 'http://$IP:9696/' --adminurl 'http://$IP:9696/' --internalurl 'http://$IP:9696/'

    Here's an example with real values:

    $ keystone service-create --name quantum --type network --description 'OpenStack Networking Service'
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description | OpenStack Networking Service     |
    | id          | 26a55b340e254ad5bb78c0b14391e153 |
    | name        | quantum                          |
    | type        | network                          |
    +-------------+----------------------------------+
    $ keystone endpoint-create --region myregion --service-id 26a55b340e254ad5bb78c0b14391e153 \
    --publicurl "http://10.211.55.17:9696/" --adminurl "http://10.211.55.17:9696/" --internalurl "http://10.211.55.17:9696/" 

    With the template driver, for a given region ($REGION) and IP address of the Quantum server ($IP), add the following content to your keystone catalog template file (default_catalog.templates).

    catalog.$REGION.network.publicURL = http://$IP:9696
    catalog.$REGION.network.adminURL = http://$IP:9696
    catalog.$REGION.network.internalURL = http://$IP:9696
    catalog.$REGION.network.name = Network Service 

    Here is an example with real values:

    catalog.$Region.network.publicURL = http://10.211.55.17:9696
    catalog.$Region.network.adminURL = http://10.211.55.17:9696
    catalog.$Region.network.internalURL = http://10.211.55.17:9696
    catalog.$Region.network.name = Network Service
  2. Create Quantum Service User

    For Nova to speak to the Quantum API, and for some internal components of Quantum to communicate with the Quantum API, you need to provide them with admin user credentials that they can use when accessing the Quantum API.  The suggested approach is to create a special 'service' tenant, create a ‘quantum’ user within this tenant, and to assign this user an 'admin' role. Kindly check the ID for user, role and tenant.

    For example:

    $ ADMIN_ROLE=$(get_id keystone role-create --name=admin)
    
    $ QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$QUANTUM_PASSWORD" --email=demo@example.com --tenant-id service)
    
    $   keystone user-role-add --user_id $QUANTUM_USER --role_id $ADMIN_ROLE --tenant_id service

See the Keystone Administrator Guide for more details about creating service entries and service users.



loading table of contents...