You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
“Enter current password for root (enter for none):”
Leave empty
“Set root password? [Y/n] y”
Say yes and copy your password
“Remove anonymous users? [Y/n] n”
Say no
“Disallow root login remotely? [Y/n] n”
Say no
“Remove test database and access to it? [Y/n] n”
Say no
“Reload privilege tables now? [Y/n] y”
Say yes
Put your password on the commands bellow before you copy them into the Database:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '***YOUR PASSWORD HERE***';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '***YOUR PASSWORD HERE***';
openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | eb8dbd3a6d1040288d3bb4c3d7275c8b |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 4bcf45bbcd894dd58b196cee3090636a |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5960dcaf********452a8 |
| name | demo |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 1bb78c2b5ae54449b7689450905d1fd6 |
| name | user |
+-----------+----------------------------------+
openstack role add --project demo --user demo user
For security reasons, disable the temporary authentication token mechanism:
Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
sudo vim /etc/keystone/keystone-paste.ini
unset OS_AUTH_URL OS_PASSWORD
update /etc/hosts to set controller to resolve to localhost:
ubuntu@stan:~$ sudo vi /etc/hosts
ubuntu@stan:~$ grep controller /etc/hosts
127.0.0.1 localhost controller
ubuntu@stan:~$
ubuntu@stan:~$ ping -c 1 controller
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.039 ms
--- localhost ping statistics ---
1 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.039/0.042/0.045/0.003 ms
As the admin user, request an authentication token:
ubuntu@stan:~$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 50
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '**************';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '**************';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> \q
Bye
ubuntu@stan:~$
Source the admin credentials to gain access to admin-only CLI commands:
ubuntu@stan:~$ . admin-openrc
To create the service credentials, complete these steps:
openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 937d2b35*****************c8f4131 |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user glance admin
openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | d54131c0******************779ee5 |
| name | glance |
| type | image |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne \
image public http://localhost:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 210598e********************adae8 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d54131**********************9ee5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
image internal http://localhost:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0761e2*******************40e9582 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d54131**********************9ee5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne \
image admin http://localhost:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 69034a*********************a23e8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d5413********************9779ee5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Install and configure components
Install the packages:
sudo apt install glance
Edit the /etc/glance/glance-api.conf file and complete the following actions:
sudo vim /etc/glance/glance-api.conf
In the [database] section, configure database access:
ubuntu@stan:~$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 59
Server version: 10.0.34-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY '***************';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY ''***************';';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY ''***************';';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY ''***************';';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> \q
Bye
ubuntu@stan:~$
Source the admin credentials to gain access to admin-only CLI commands:
. admin-openrc
To create the service credentials, complete these steps:
openstack user create --domain default \
--password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 960f8749*****************2a7f517 |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin role to the nova user:
openstack role add --project service --user nova admin
openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 4f104***********************048f |
| name | nova |
| type | compute |
+-------------+----------------------------------+