7.3. Networking Prerequisite Configuration

⁠7.3. Networking Prerequisite Configuration

⁠7.3.1. Configure OpenStack Networking Authentication

This section outlines the steps for creating and configuring Identity service records required by the Networking service.

Create the neutron user, who has the admin role in the services tenant.
Create the neutron service entry and assign it an endpoint.

These entries will assist other OpenStack services attempting to locate and access the networking functionality provided by the OpenStack Networking service. In order to proceed, you should have already performed the following (through the Identity service):

Created an Administrator role named admin (refer to Section 3.8, “Create an Administrator Account” for instructions)
Created the services tenant (refer to Section 3.10, “Create the Services Tenant” for instructions)

Note

The Deploying OpenStack: Learning Environments guide uses one tenant for all service users. For more information, refer to Section 3.10, “Create the Services Tenant”.

You can perform the following procedure from your Identity service host or on any machine where you've copied the keystonerc_admin file (which contains administrator credentials) and the keystone command-line utility is installed.

⁠

Procedure 7.2. Configuring OpenStack Networking to authenticate through the Identity Service

Authenticate as the administrator of the Identity service by running the source command on the keystonerc_admin file containing the required credentials:
```
# source ~/keystonerc_admin
```

Create a user named neutron for the OpenStack Networking service to use:

# keystone user-create --name neutron --pass PASSWORD
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 1df18bcd14404fa9ad954f9d5eb163bc |
|   name   |              neutron             |
| tenantId |                                  |
+----------+----------------------------------+

Replace PASSWORD with a secure password that will be used by the OpenStack Networking service when authenticating with the Identity service.

Use the keystone user-role-add command to link the neutron user, admin role, and services tenant together:
```
# keystone user-role-add --user neutron --role admin --tenant services
```

Create the neutron service entry:

# keystone service-create --name neutron \
        --type network \
        --description "OpenStack Networking Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |   OpenStack Networking Service   |
|      id     | 134e815915f442f89c39d2769e278f9b |
|     name    |              neutron             |
|     type    |              network             |
+-------------+----------------------------------+

Create the network endpoint entry:

# keystone endpoint-create --service-id SERVICE_ID \
        --service neutron \
        --publicurl "http://IP:9696" \
        --adminurl "http://IP:9696" \
        --internalurl "http://IP:9696"

Replace SERVICE_ID with the service identifier from the previous step, and replace IP with the IP address or host name of the system that will be acting as the network node.

All supporting Identity service entries required by the OpenStack Networking service have been created.