Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

3.6. Create the Identity Service Endpoint

Once the Identity service has been started, its API endpoint must be defined. Some OpenStack services, including the dashboard, will not work unless this record is present.
All steps in this procedure must be performed on the Identity server, while logged in as the root user.

Procedure 3.10. Creating the Identity Service Endpoint

  1. Set up the shell to access Keystone as the admin user: 
    # source ~/keystonerc_admin
    Copy to Clipboard Toggle word wrap
  2. Set the OS_SERVICE_TOKEN environment variable to the administration token. This is done by reading the token file created when setting the administration token: 
    [(keystone_admin)]# export OS_SERVICE_TOKEN=`cat ~/ks_admin_token`
    Copy to Clipboard Toggle word wrap
  3. Set the OS_SERVICE_ENDPOINT environment variable to point to the server hosting the Identity service: 
    [(keystone_admin]# export OS_SERVICE_ENDPOINT='http://IP:35357/v2.0'
    Copy to Clipboard Toggle word wrap
    Replace IP with the IP address or host name of the Identity server.
  4. Create a service entry for the Identity service: 
    [(keystone_admin)]# keystone service-create --name=keystone --type=identity \
   --description="Keystone Identity service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |     Keystone Identity service    |
| enabled     |               True               |
| id          | a8bff1db381f4751bd8ac126464511ae |
| name        |             keystone             |
| type        |             identity             |
+-------------+----------------------------------+
    Copy to Clipboard Toggle word wrap
  5. Create an endpoint entry for the v2.0 API Identity service: 
    [(keystone_admin)]# keystone endpoint-create \
   --service keystone \
   --publicurl 'https://IP:443/v2.0' \
   --adminurl 'https://IP:443/v2.0' \
   --internalurl 'https://IP:5000/v2.0' \
   --region 'RegionOne'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| adminurl    |       https://IP:443/keystone/admin       |
| id          | 1295011fdc874a838f702518e95a0e13 |
| internalurl |       https://IP:5000/v2.0        |
| publicurl   |       https://IP:443/keystone/main        |
| region      |             RegionOne            |
| service_id  |                 ID               |
+-------------+----------------------------------+
    Copy to Clipboard Toggle word wrap
    Replace IP with the IP address or host name of the Identity server.

    Note

    By default, the endpoint is created in the default region, RegionOne. If you need to specify a different region when creating an endpoint, use the --region argument.

3.6.1. Service Regions
Copiar enlace

Each service cataloged in the Identity service is identified by its region, which typically represents a geographical location, and its endpoint. In a Red Hat OpenStack Platform environment with multiple Compute deployments, regions allow for the discrete separation of services, and are a robust way to share some infrastructure between Compute installations, while allowing for a high degree of failure tolerance.
Administrators determine which services are shared between regions and which services are used only with a specific region. By default, when an endpoint is defined and no region is specified, it is created in the region named RegionOne.
To begin using separate regions, specify the --region argument when adding service endpoints: 
[(keystone_admin)]# keystone endpoint-create --region 'RegionOne' \
   --service SERVICENAME\   
   --publicurl PUBLICURL
   --adminurl ADMINURL
   --internalurl INTERNALURL
Copy to Clipboard Toggle word wrap
Replace REGION with the name of the region to which the endpoint belongs. When sharing an endpoint between regions, create an endpoint entry containing the same URLs for each applicable region. For information on setting the URLs for each service, see the Identity service configuration information of the service in question.

Example 3.1. Endpoints Within Discrete Regions

In this example, the APAC and EMEA regions share an Identity server (identity.example.com) endpoint, while providing region specific compute API endpoints: 
$ keystone endpoint-list
+---------+--------+------------------------------------------------------+
|   id    | region |                      publicurl                       |
+---------+--------+------------------------------------------------------+
| 0d8b... |  APAC  |         http://identity.example.com:5000/v3          |
| 769f... |  EMEA  |         http://identity.example.com:5000/v3          |
| 516c... |  APAC  |  http://nova-apac.example.com:8774/v2/%(tenant_id)s  |
| cf7e... |  EMEA  |  http://nova-emea.example.com:8774/v2/%(tenant_id)s  |
+---------+--------+------------------------------------------------------+
Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat