Форумы

Geek's Notes Universe :: Форумы :: OpenStack

How to switch from Keystone V2.0 to V3?

root
[ Истинный ДАО ]
Сообщений: 493
This blog describes end-to-end process for switching from Keystone V2.0 to V3.

Running a small experiment on single node OpenStack Havana instance on Ubuntu 12.04.4 LTS Precise Pangolin. I have used DevStack for deploying and configuring OpenStack which by default comes with Keystone V2.0. We had a requirement to test Domains functionality which was introduced in Keystone V3.

Making sure that we have a working version of OpenStack instance with Keystone V2.0.

Setup environment:

export OS_USERNAME=UserName 
export OS_TENANT_NAME=ProjectName
export OS_PASSWORD=Password
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
export SERVICE_TOKEN=KeystoneServiceToken



Run few CLIs and verify that they all succeed. Using CLI for initial testing, you can use REST APIs as well.

List Users:

keystone user-list


List Servers:

nova server-list


List VM Images:

glance image-list


Workflow:

Step 1: Keystone Policy File

Apply appropriate version of policy.json. Keystone V3 (domain feature) is not supported in default policy.json located at /etc/keystone/policy.json. The appropriate version of policy file is packaged with Keystone source code under /opt/stack/keystone/etc/policy.v3cloudsample.json.

mv /etc/keystone/policy.json /etc/keystone/policy.json.bak


cp /opt/stack/keystone/etc/policy.v3cloudsample.json /etc/keystone/policy.json


Step 2: Update Keystone Endpoints

Update Keystone endpoint in MySQL database. Keystone endpoints has three types of interfaces, "internal", "public", and "admin". They all must be set to V2.0. Internal and Public interface are set to the same URL.

$ mysql

mysql> use keystone;
mysql> select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity";
+-----------+-----------------------------+
| interface | url                         |
+-----------+-----------------------------+
| internal  | http://127.0.0.1:5000/v2.0  |
| public    | http://127.0.0.1:5000/v2.0  |
| admin     | http://127.0.0.1:35357/v2.0 |
+-----------+-----------------------------+
3 rows in set (0.00 sec)


Now, update all three URLs, change V2.0 API to V3 with:

mysql> select id from service where type="identity";

+----------------------------------+
| id                               |
+----------------------------------+
| b0bbb0370ee4402eb3770129fdc0c328 |
+----------------------------------+
1 row in set (0.00 sec)

mysql> update endpoint set url="http://127.0.0.1:5000/v3" where url="http://127.0.0.1:5000/v2.0" and service_id="b0bbb0370ee4402eb3770129fdc0c328";
mysql> update endpoint set url="http://127.0.0.1:35357/v3" where url="http://127.0.0.1:35357/v2.0" and service_id="b0bbb0370ee4402eb3770129fdc0c328";


Confirm that you have all three endpoints updated to V3:

mysql> select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity";

+-----------+---------------------------+
| interface | url                       |
+-----------+---------------------------+
| internal  | http://127.0.0.1:5000/v3  |
| public    | http://127.0.0.1:5000/v3  |
| admin     | http://127.0.0.1:35357/v3 |
+-----------+---------------------------+

3 rows in set (0.00 sec)


Step 3: Restart OpenStack Services

Restart Keystone, Nova, and Glance by re-joining DevStack screen session, locate screen for Keystone (named "key"). Hit "Ctrl + Z" followed by up arrow key + Enter.

$ cd devstack
$ ./rejoin-stack.sh


Step 4: Verification

Update Environment to update Keystone Endpoint:

export OS_AUTH_URL=http://127.0.0.1:5000/v3
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v3


List Users:

You can either Keystone CLI or REST API.

keystone user-list 


curl -s GET http://127.0.0.1:35357/v3/users -H X-Auth-Token:$SERVICE_TOKEN  | jq .


List Servers:

Nova CLI is not supported with Keystone V3 so please use CLI reference to OpenStack APIs:

openstack --os-identity-api-version=3 image list


List Images:

Glance CLI is not supported with Keystone V3 so please use CLI reference to OpenStack APIs:

openstack --os-identity-api-version=3 server list

Модераторы: root, andrey, AndreikA, faerie.qveene, slavok

<< Предыдущая тема | Следующая тема >>

Перейти:     Наверх