Chapter 3. OpenStack Identity Service Installation
- 3.1. Identity Service Overview
- 3.2. Identity Service Requirements
- 3.3. Install the Identity Packages
- 3.4. Create the Identity Database
- 3.5. Configure the Identity Service
- 3.6. Start the Identity Service
- 3.7. Create the Identity Service Endpoint
- 3.8. Create an Administrator Account
- 3.9. Create a Regular User Account
- 3.10. Create the Services Tenant
- 3.11. Validate the Identity Service Installation
3.1. Identity Service Overview
The Identity service authenticates and authorizes OpenStack users; the service is used by all OpenStack components. The service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins (Amazon Web Services).
The Identity service also provides a central catalog of services and endpoints running in a particular OpenStack cloud, which acts as a service directory for other OpenStack systems. OpenStack services use the following endpoints:
- adminURL, the URL for the administrative endpoint for the service. Only the Identity service might use a value here that is different from publicURL; all other services will use the same value.
- internalURL, the URL of an internal-facing endpoint for the service (typically the same as the publicURL).
- publicURL, the URL of the public-facing endpoint for the service.
- region, in which the service is located. By default, if a region is not specified, the 'RegionOne' location is used.
The Identity service uses the following concepts:
- Users, which have associated information (such as a name and password). In addition to custom users, a user must be defined for each cataloged service (for example, the 'glance' user for the Image service).
- Tenants, which are generally the user's group, project, or organization.
- Roles, which determine a user's permissions.
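The endpoint and service-user rules above can be checked mechanically. The following is an added example, not code from this guide or from OpenStack. It assumes the catalog has been exported as a list of dictionaries, that each service user shares its catalog service name (as with 'glance'), and that the Identity service itself is exempt from the service-user check; all sample values are constructed.

```python
# Added example (not OpenStack code); SAMPLE_* values are constructed data.
DEFAULT_REGION = "RegionOne"  # used when an endpoint names no region
SAMPLE_CATALOG = [
    {"name": "keystone", "type": "identity", "region": "RegionOne",
     "publicURL": "http://192.0.2.10:5000/v2.0",
     "internalURL": "http://192.0.2.10:5000/v2.0",
     "adminURL": "http://192.0.2.10:35357/v2.0"},
    {"name": "glance", "type": "image",  # no region key: default applies
     "publicURL": "http://192.0.2.11:9292",
     "internalURL": "http://192.0.2.11:9292",
     "adminURL": "http://192.0.2.11:9292"},
    {"name": "cinder", "type": "volume", "region": "RegionOne",
     "publicURL": "http://192.0.2.12:8776/v1",
     "internalURL": "http://10.0.0.12:8776/v1",
     "adminURL": "http://192.0.2.12:8777/v1"},
]
SAMPLE_USERS = {"admin", "glance"}


def effective_region(svc):
    """Region of an endpoint, falling back to the documented default."""
    return svc.get("region") or DEFAULT_REGION


def audit_catalog(catalog, users):
    """Return (service, region, finding) tuples for rule violations."""
    findings = []
    for svc in catalog:
        name, region = svc["name"], effective_region(svc)
        public = svc.get("publicURL")
        if not public:
            findings.append((name, region, "missing publicURL"))
            continue
        is_identity = svc["type"] == "identity"
        # Only the Identity service may publish a distinct adminURL.
        if not is_identity and svc.get("adminURL") != public:
            findings.append((name, region, "adminURL differs from publicURL"))
        # internalURL is only "typically" equal, so this is a note.
        if svc.get("internalURL") != public:
            findings.append((name, region, "note: internalURL differs from publicURL"))
        # Assumption: service user == catalog name; Identity itself exempt.
        if not is_identity and name not in users:
            findings.append((name, region, "no service user defined"))
    return findings


if __name__ == "__main__":
    for finding in audit_catalog(SAMPLE_CATALOG, SAMPLE_USERS):
        print(*finding, sep=": ")
```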
Table 3.1. Identity Service components
| Component | Description |
|---|---|
| keystone | Provides the administrative and public APIs. |
| Databases | For each of the internal services. |