FlorianOtel

Untitled

Feb 22nd, 2012
  1. # Creating Users, Tenants and Roles in Keystone.
  2.  
  3. root@Swift1:/etc/keystone# keystone-manage tenant add MyTenant
  4. SUCCESS: Tenant MyTenant created.
  5. root@Swift1:/etc/keystone# keystone-manage user add myuser mypassword MyTenant
  6. SUCCESS: User myuser created.
  7. root@Swift1:/etc/keystone# keystone-manage role add Admin
  8. SUCCESS: Role Admin created successfully.
  9. root@Swift1:/etc/keystone# keystone-manage role grant Admin myuser
  10. SUCCESS: Granted Admin the myuser role on None.
  11. root@Swift1:/etc/keystone# keystone-manage role grant Admin myuser MyTenant
  12. SUCCESS: Granted Admin the myuser role on MyTenant.
  13. root@Swift1:/etc/keystone# keystone-manage token add 999888777666 myuser MyTenant 2015-02-05T00:00
  14. SUCCESS: Token 999888777666 created.
  15.  
  16. ### Create endpoint templates. Result:
  17.  
  18. root@Swift1:/etc/keystone# mysql -u root -pmysqlpasswd keystone -e 'select * from endpoint_templates;'
  19. +----+-----------+----------+--------------------------------------------+-----------------------------------------+--------------------------------------------+---------+-----------+
  21. | id | region | service | public_url | admin_url | internal_url | enabled | is_global |
  23. +----+-----------+----------+--------------------------------------------+-----------------------------------------+--------------------------------------------+---------+-----------+
  25. | 1 | RegionOne | nova | http://10.2.20.51:8774/v1.1/%tenant_id% | http://10.2.20.51:8774/v1.1/%tenant_id% | http://10.2.20.51:8774/v1.1/%tenant_id% | 1 | 1 |
  27. | 2 | RegionOne | glance | http://10.2.20.51:9292/v1.1/%tenant_id% | http://10.2.20.51:9292/v1.1/%tenant_id% | http://10.2.20.51:9292/v1.1/%tenant_id% | 1 | 1 |
  29. | 3 | RegionOne | keystone | http://10.2.20.51:5000/v2.0 | http://10.2.20.51:5001/v2.0 | http://10.2.20.51:5000/v2.0 | 1 | 1 |
  31. | 4 | RegionOne | swift | http://10.2.20.51:8080/v1/AUTH_%tenant_id% | http://10.2.20.51:8080/ | http://10.2.20.51:8080/v1/AUTH_%tenant_id% | 1 | 1 |
  33. +----+-----------+----------+--------------------------------------------+-----------------------------------------+--------------------------------------------+---------+-----------+
  35.  
  36. ### Adding more users & tenants. And the result.
  37.  
  38. root@Swift1:/etc/swift# keystone-manage tenant add TestTenant
  39. SUCCESS: Tenant TestTenant created.
  40.  
  41. root@Swift1:/etc/swift# keystone-manage user add TestUser Testpasswd
  42. SUCCESS: User TestUser created.
  43. root@Swift1:/etc/swift# keystone-manage role add Member
  44. SUCCESS: Role Member created successfully.
  45. root@Swift1:/etc/swift# keystone-manage role grant Member TestUser
  46. SUCCESS: Granted Member the TestUser role on None.
  47. root@Swift1:/etc/swift# keystone-manage role grant Admin TestUser TestTenant
  48. SUCCESS: Granted Admin the TestUser role on TestTenant.
  49. root@Swift1:/etc/swift# keystone-manage role grant Member TestUser MyTenant
  50. SUCCESS: Granted Member the TestUser role on MyTenant.
  51.  
  52. root@Swift1:/etc/swift# mysql -u root -pmysqlpasswd -e 'select * from keystone.users;'
  53. +----------+------------+-------+---------+-----------+
  54. | id | password | email | enabled | tenant_id |
  55. +----------+------------+-------+---------+-----------+
  56. | myuser | mypassword | NULL | 1 | MyTenant |
  57. | TestUser | Testpasswd | NULL | 1 | NULL |
  58. +----------+------------+-------+---------+-----------+
  59.  
  60. root@Swift1:/etc/swift# mysql -u root -pmysqlpasswd -e 'select * from keystone.tenants;'
  61. +------------+------+---------+
  62. | id | desc | enabled |
  63. +------------+------+---------+
  64. | MyTenant | NULL | 1 |
  65. | TestTenant | NULL | 1 |
  66. +------------+------+---------+
  67.  
  68. root@Swift1:/etc/swift# mysql -u root -pmysqlpasswd -e 'select * from keystone.token;'
  69. +--------------+---------+-----------+---------------------+
  70. | id | user_id | tenant_id | expires |
  71. +--------------+---------+-----------+---------------------+
  72. | 999888777666 | myuser | MyTenant | 2015-02-05 00:00:00 |
  73. +--------------+---------+-----------+---------------------+
  74.  
  75. root@Swift1:/etc/swift# mysql -u root -pmysqlpasswd -e 'select * from keystone.tenants;'
  76. +------------+------+---------+
  77. | id | desc | enabled |
  78. +------------+------+---------+
  79. | MyTenant | NULL | 1 |
  80. | TestTenant | NULL | 1 |
  81. +------------+------+---------+
  82.  
  83. ### Keystone config file:
  84. root@Swift1:~# cat /etc/keystone/keystone.conf
  85. [DEFAULT]
  86. # Show more verbose log output (sets INFO log level output)
  87. verbose = False
  88.  
  89. # Show debugging output in logs (sets DEBUG log level output)
  90. debug = False
  91.  
  92. # Which backend store should Keystone use by default.
  93. # Default: 'sqlite'
  94. # Available choices are 'sqlite' [future will include LDAP, PAM, etc]
  95. default_store = sqlite
  96.  
  97. # Log to this file. Make sure you do not set the same log
  98. # file for both the API and registry servers!
  99. log_file = /var/log/keystone/keystone.log
  100.  
  101. # List of backends to be configured
  102. backends = keystone.backends.sqlalchemy
  103. #For LDAP support, add: ,keystone.backends.ldap
  104.  
  105. # Dictionary that maps every service to a header. Missing services would get header
  106. # X_(SERVICE_NAME). Key => Service Name, Value => Header Name
  107. service-header-mappings = {
  108. 'nova' : 'X-Server-Management-Url',
  109. 'swift' : 'X-Storage-Url',
  110. 'cdn' : 'X-CDN-Management-Url'}
  111.  
  112. # Address to bind the API server
  113. # TODO Properties defined within app not available via pipeline.
  114. service_host = 0.0.0.0
  115.  
  116. # Port to bind the API server to
  117. service_port = 5000
  118.  
  119. # Address to bind the Admin API server
  120. admin_host = 0.0.0.0
  121.  
  122. # Port to bind the Admin API server to
  123. admin_port = 5001
  124.  
  125. #Role that allows to perform admin operations.
  126. keystone-admin-role = Admin
  127.  
  128. #Role that allows to perform service admin operations.
  129. keystone-service-admin-role = KeystoneServiceAdmin
  130.  
  131. [keystone.backends.sqlalchemy]
  132. # SQLAlchemy connection string for the reference implementation registry
  133. # server. Any valid SQLAlchemy connection string is fine.
  134. # See: http://bit.ly/ideIpI
  135. sql_connection = mysql://keystonedbadmin:keystonedbadminpasswd@127.0.0.1/keystone
  136. backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
  137. 'User', 'Credentials', 'EndpointTemplates', 'Token',
  138. 'Service']
  139.  
  140. # Period in seconds after which SQLAlchemy should reestablish its connection
  141. # to the database.
  142. sql_idle_timeout = 30
  143.  
  144. [pipeline:admin]
  145. pipeline =
  146. urlrewritefilter
  147. admin_api
  148.  
  149. [pipeline:keystone-legacy-auth]
  150. pipeline =
  151. urlrewritefilter
  152. legacy_auth
  153. RAX-KEY-extension
  154. service_api
  155.  
  156. [app:service_api]
  157. paste.app_factory = keystone.server:service_app_factory
  158.  
  159. [app:admin_api]
  160. paste.app_factory = keystone.server:admin_app_factory
  161.  
  162. [filter:urlrewritefilter]
  163. paste.filter_factory = keystone.middleware.url:filter_factory
  164.  
  165. [filter:legacy_auth]
  166. paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
  167.  
  168. [filter:RAX-KEY-extension]
  169. paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory
  170.  
  171.  
  172. ## /etc/swift/proxy-server.conf
  173.  
  174. [DEFAULT]
  175. bind_port = 8080
  176. user = swift
  177.  
  178. [pipeline:main]
  179. pipeline = catch_errors cache keystone proxy-server
  180.  
  181. [app:proxy-server]
  182. use = egg:swift#proxy
  183. account_autocreate = true
  184.  
  185. [filter:keystone]
  186. use = egg:keystone#swiftauth
  187. keystone_admin_token = 999888777666
  188. keystone_url = http://10.2.20.51:5001/2.0
  189.  
  190.  
  191. [filter:cache]
  192. use = egg:swift#memcache
  193. set log_name = cache
  194.  
  195. [filter:catch_errors]
  196. use = egg:swift#catch_errors
  197.  
  198. ######
  199. ###### Testing keystone works fine:
  200. ######
  201.  
  202. root@Swift1:/etc/swift# curl -s -d '{"tenantName": "MyTenant", "passwordCredentials": {"username": "myuser", "password": "mypassword"}}' -H 'Content-type: application/json' http://10.2.20.51:5001/v2.0/tokens | python -mjson.tool
  204. {
  205. "auth": {
  206. "serviceCatalog": {
  207. "glance": [
  208. {
  209. "adminURL": "http://10.2.20.51:9292/v1.1/MyTenant",
  210. "internalURL": "http://10.2.20.51:9292/v1.1/MyTenant",
  211. "publicURL": "http://10.2.20.51:9292/v1.1/MyTenant",
  212. "region": "RegionOne"
  213. }
  214. ],
  215. "keystone": [
  216. {
  217. "adminURL": "http://10.2.20.51:5001/v2.0",
  218. "internalURL": "http://10.2.20.51:5000/v2.0",
  219. "publicURL": "http://10.2.20.51:5000/v2.0",
  220. "region": "RegionOne"
  221. }
  222. ],
  223. "nova": [
  224. {
  225. "adminURL": "http://10.2.20.51:8774/v1.1/MyTenant",
  226. "internalURL": "http://10.2.20.51:8774/v1.1/MyTenant",
  227. "publicURL": "http://10.2.20.51:8774/v1.1/MyTenant",
  228. "region": "RegionOne"
  229. }
  230. ],
  231. "swift": [
  232. {
  233. "adminURL": "http://10.2.20.51:8080/",
  234. "internalURL": "http://10.2.20.51:8080/v1/AUTH_MyTenant",
  235. "publicURL": "http://10.2.20.51:8080/v1/AUTH_MyTenant",
  236. "region": "RegionOne"
  237. }
  238. ]
  239. },
  240. "token": {
  241. "expires": "2015-02-05T00:00:00",
  242. "id": "999888777666"
  243. }
  244. }
  245.  
  246.  
  247. ##### We can even get a 24 hrs valid token for a newly created User / Tenant combo (after setting up the proper endpoints)
  248.  
  249. root@Swift1:/etc/swift# keystone-manage tenant add TestTenant
  250. SUCCESS: Tenant TestTenant created.
  251.  
  252. root@Swift1:/etc/swift# keystone-manage user add TestUser Testpasswd
  253. SUCCESS: User TestUser created.
  254. root@Swift1:/etc/swift# keystone-manage role add Member
  255. SUCCESS: Role Member created successfully.
  256. root@Swift1:/etc/swift# keystone-manage role grant Member TestUser
  257. SUCCESS: Granted Member the TestUser role on None.
  258. root@Swift1:/etc/swift# keystone-manage role grant Admin TestUser TestTenant
  259. SUCCESS: Granted Admin the TestUser role on TestTenant.
  260. root@Swift1:/etc/swift# keystone-manage role grant Member TestUser MyTenant
  261. SUCCESS: Granted Member the TestUser role on MyTenant.
  262. root@Swift1:/etc/swift# keystone-manage endpoint add TestTenant 1
  263. SUCCESS: Endpoint 1 added to tenant TestTenant.
  264. root@Swift1:/etc/swift# keystone-manage endpoint add TestTenant 2
  265. SUCCESS: Endpoint 2 added to tenant TestTenant.
  266. root@Swift1:/etc/swift# keystone-manage endpoint add TestTenant 3
  267. SUCCESS: Endpoint 3 added to tenant TestTenant.
  268. root@Swift1:/etc/swift# keystone-manage endpoint add TestTenant 4
  269. SUCCESS: Endpoint 4 added to tenant TestTenant.
  270.  
  271. root@Swift1:/etc/swift# curl -s -d '{"tenantName": "TestTenant", "passwordCredentials": {"username": "TestUser", "password": "Testpasswd"}}' -H 'Content-type: application/json' http://10.2.20.51:5001/v2.0/tokens | python -mjson.tool
  272. {
  273. "auth": {
  274. "serviceCatalog": {
  275. "glance": [
  276. {
  277. "adminURL": "http://10.2.20.51:9292/v1.1/%tenant_id%",
  278. "internalURL": "http://10.2.20.51:9292/v1.1/%tenant_id%",
  279. "publicURL": "http://10.2.20.51:9292/v1.1/%tenant_id%",
  280. "region": "RegionOne"
  281. }
  282. ],
  283. "keystone": [
  284. {
  285. "adminURL": "http://10.2.20.51:5001/v2.0",
  286. "internalURL": "http://10.2.20.51:5000/v2.0",
  287. "publicURL": "http://10.2.20.51:5000/v2.0",
  288. "region": "RegionOne"
  289. }
  290. ],
  291. "nova": [
  292. {
  293. "adminURL": "http://10.2.20.51:8774/v1.1/%tenant_id%",
  294. "internalURL": "http://10.2.20.51:8774/v1.1/%tenant_id%",
  295. "publicURL": "http://10.2.20.51:8774/v1.1/%tenant_id%",
  296. "region": "RegionOne"
  297. }
  298. ],
  299. "swift": [
  300. {
  301. "adminURL": "http://10.2.20.51:8080/",
  302. "internalURL": "http://10.2.20.51:8080/v1/AUTH_%tenant_id%",
  303. "publicURL": "http://10.2.20.51:8080/v1/AUTH_%tenant_id%",
  304. "region": "RegionOne"
  305. }
  306. ]
  307. },
  308. "token": {
  309. "expires": "2012-02-22T12:18:34.287003",
  310. "id": "614986da-1a37-480e-b82b-8c95afec8dc3"
  311. }
  312. }
  313.  
  314. ### Closer look at the 24 hrs valid token (note that its tenant_id is NULL, i.e. the token was not scoped to TestTenant even though tenantName was supplied; this is consistent with the %tenant_id% placeholders left unsubstituted in the catalog above):
  315.  
  316. root@Swift1:/etc/swift# mysql -u root -pmysqlpasswd -e 'select * from keystone.token;'
  317. +--------------------------------------+----------+-----------+---------------------+
  318. | id | user_id | tenant_id | expires |
  319. +--------------------------------------+----------+-----------+---------------------+
  320. | 999888777666 | myuser | MyTenant | 2015-02-05 00:00:00 |
  321. | 614986da-1a37-480e-b82b-8c95afec8dc3 | TestUser | NULL | 2012-02-22 12:18:34 |
  322. +--------------------------------------+----------+-----------+---------------------+
  323.  
  324. # And get some details on it:
  325.  
  326. root@Swift1:/etc/swift# curl -H "X-Auth-Token:999888777666" http://10.2.20.51:5001/v2.0/tokens/614986da-1a37-480e-b82b-8c95afec8dc3 | python -mjson.tool
  327. % Total % Received % Xferd Average Speed Time Time Time Current
  328. Dload Upload Total Spent Left Speed
  329. 100 198 100 198 0 0 14593 0 --:--:-- --:--:-- --:--:-- 15230
  330. {
  331. "auth": {
  332. "token": {
  333. "expires": "2012-02-22T12:18:34",
  334. "id": "614986da-1a37-480e-b82b-8c95afec8dc3"
  335. },
  336. "user": {
  337. "roleRefs": [
  338. {
  339. "id": 3,
  340. "roleId": "Member"
  341. }
  342. ],
  343. "tenantId": null,
  344. "username": "TestUser"
  345. }
  346. }
  347. }