[Openstack] [openstack] [keystone] how to configure multiple object-store entries with different endpoints
Peter Brouwer
peter.brouwer at oracle.com
Mon Mar 6 16:44:25 UTC 2017
Hi
How do you setup different object stores for a different set of users,
like oversimplified example, presales users go to different object store
as users from postsales?
I get the a mix of two endpoints showing up under one user, only way to
get the groups is using different region but user still get endpoints
for both.
openstack role list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| 3af2ab60862c4f85a3139aa7a4ecb297 | admin |
| 7209bcb5362845589f1fb80fc02d91e8 | swift_users |
| 87a552a90bda418a891fc4ae31ef5e68 | user |
+----------------------------------+-------------+
root at ubuntu1:~/scripts# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 2d5f98a58ebb4aeeae8112000f24c9ee | admin |
| 32597a8cde2f43e780c10a317041aaad | swift |
| 77d906e5efee455e939a6f8d5bac0812 | demo |
| a524fb94470d450191a8e446ed4b3ddd | bob |
+----------------------------------+-------+
root at ubuntu1:~/scripts# openstack user show bob
+--------------------+----------------------------------+
| Field | Value |
+--------------------+----------------------------------+
| default_project_id | 8e698265b04549d0980e918c87738d86 |
| description | AfterSales member |
| domain_id | default |
| email | bob at aftersales.local |
| enabled | True |
| id | a524fb94470d450191a8e446ed4b3ddd |
| name | bob |
+--------------------+----------------------------------+
openstack project show service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default service project |
| domain_id | default |
| enabled | True |
| id | 51ded72073e340b2a2f99cb344dc2bad |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
root at ubuntu1:~/scripts# openstack project show aftersales
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | 8e698265b04549d0980e918c87738d86 |
| is_domain | False |
| name | aftersales |
| parent_id | default |
+-------------+----------------------------------+
openstack catalog show aftersales
+-----------+------------------------------------------------+
| Field | Value |
+-----------+------------------------------------------------+
| endpoints | RegionTwo |
| | internal: http://192.168.0.210/v1/aftersales |
| | RegionTwo |
| | admin: http://192.168.0.210/v1/aftersales |
| | RegionTwo |
| | public: http://192.168.0.210/v1/aftersales |
| | |
| id | 9c825bf5c2d947448bc9e834e820b647 |
| name | aftersales |
| type | object-store |
+-----------+------------------------------------------------+
r catalog show swift
+-----------+----------------------------------------------------------+
| Field | Value |
+-----------+----------------------------------------------------------+
| endpoints | RegionOne |
| | public: http://192.168.0.200/v1/export/kswift |
| | RegionOne |
| | internal: http://192.168.0.200/v1/export/kswift |
| | RegionOne |
| | admin: http://192.168.0.200/v1/export/kswift |
| | |
| id | af8477214a834d959abd3f0718dd88fb |
| name | swift |
| type | object-store |
+-----------+----------------------------------------------------------+
root at ubuntu1:~/scripts# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
| ID | Region | Service Name | Service
Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
| 59233fd046f241679323f5913c99278e | RegionOne | swift |
object-store | True | public |
http://192.168.0.200/object/v1/export/kswift |
| 5dc0344bd0e2441facf1a50daac6dcb0 | RegionTwo | aftersales |
object-store | True | internal |
http://192.168.0.200/v1/aftersales |
| 68aa6b200eaa443fbcd5c8d54990ff36 | RegionOne | swift |
object-store | True | internal |
http://192.168.0.200/object/v1/export/kswift |
| 7228845023bd40088e68f5e3baf56305 | RegionOne | keystone |
identity | True | internal |
http://ubuntu1:35357/v3/ |
| 7ffc7661be7a4a309004a24c8c28b7ab | RegionTwo | aftersales |
object-store | True | admin |
http://192.168.0.200/v1/aftersales |
| bce72c93209447e08c0c5c040730059c | RegionTwo | aftersales |
object-store | True | public |
http://192.168.0.200/v1/aftersales |
| cfe95067e2314b7eaa0feb3c76b09bd7 | RegionOne | keystone |
identity | True | public |
http://ubuntu1:5000/v3/ |
| e431073400f64b54846308a2bfcdba3c | RegionOne | keystone |
identity | True | admin |
http://ubuntu1:35357/v3/ |
| f677511232434b35806304ed23fee220 | RegionOne | swift |
object-store | True | admin |
http://192.168.0.200/object/v1/export/kswift |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------+
curl authenticate response for user bob:
{
"access": {
"token": {
"issued_at": "2017-03-06T16:00:03.000000Z",
"expires": "2017-03-06T17:00:03Z",
"id":
"gAAAAABYvYeDV1eBlwWnGiW-clj49tGPfO3PeiwlDAUwfePmex9Kr_w9I54ppxmFO-vprdrvkq_ogq-4ci_bECE_eoRTZXG3J8xhm_-AltinA34vzcpbEyoAlGrQUc7JqfPXbHMxsipzP0SBtn0c49wxZD5lo81RJ50ZIfO2Bp0mW4XqOh6vAL4",
"tenant": {
"description": "Aftersales object storage",
"enabled": true,
"id": "8e698265b04549d0980e918c87738d86",
"name": "aftersales"
},
"audit_ids": [
"OMrzk0i4RIG5U0EYFgW0lA"
]
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://192.168.0.200/object/v1/export/kswift",
"region": "RegionOne",
"internalURL": "http://192.168.0.200/object/v1/export/kswift",
"id": "59233fd046f241679323f5913c99278e",
"publicURL": "http://192.168.0.200/object/v1/export/kswift"
},
{
"adminURL": "http://192.168.0.200/v1/aftersales",
"region": "RegionTwo",
"internalURL": "http://192.168.0.200/v1/aftersales",
"id": "5dc0344bd0e2441facf1a50daac6dcb0",
"publicURL": "http://192.168.0.200/v1/aftersales"
}
],
"endpoints_links": [],
"type": "object-store",
"name": "aftersales"
},
{
"endpoints": [
{
"adminURL": "http://ubuntu1:35357/v3/",
"region": "RegionOne",
"internalURL": "http://ubuntu1:35357/v3/",
"id": "7228845023bd40088e68f5e3baf56305",
"publicURL": "http://ubuntu1:5000/v3/"
}
],
"endpoints_links": [],
"type": "identity",
"name": "keystone"
}
],
"user": {
"username": "bob",
"roles_links": [],
"id": "a524fb94470d450191a8e446ed4b3ddd",
"roles": [
{
"name": "swift_users"
}
],
"name": "bob"
},
"metadata": {
"is_admin": 0,
"roles": [
"7209bcb5362845589f1fb80fc02d91e8"
]
}
}
}
--
Regards,
Peter Brouwer, Principal Software Engineer,
Oracle Application Integration Engineering.
Phone: +44 1506 672767, Mobile +44 7720 598 226
E-Mail: Peter.Brouwer at Oracle.com
More information about the Openstack
mailing list