Identity Service
# defines the endpoints for services
Service catalog template (default_catalog.templates)
# When the Identity Service is online, you must add the services to the catalog.
A SQL backend for the catalog service. (MySQL)
# List the available services:
keystone service-list
+----------------------------------+------------+-----------+------------------------------+
| id                               | name       | type      | description                  |
+----------------------------------+------------+-----------+------------------------------+
| 6a0cc2a93d5844bd9c8dbc47bd9d3c16 | ceilometer | metering  | Openstack Metering Service   |
| 4fde301949a24862a3d6754059d44513 | cinder     | volume    | Cinder Service               |
| 844afc222e49478aa3b476fb41752b43 | cinder_v2  | volumev2  | Cinder Service v2            |
| ac304d4c115442f3abd4336dfadee960 | cinderv2   | volumev2  | Cinder Service v2            |
| bad42aa49d0c41dc9b5a098b249f78c7 | glance     | image     | Openstack Image Service      |
| 57a125f1298f40a3bea767030175f285 | keystone   | identity  | OpenStack Identity Service   |
| c03e92b137814ae0aaabee8c8dee2f74 | nova       | compute   | Openstack Compute Service    |
| 3c2dc01254484cc5a52df3ff4d0b0f4d | nova_ec2   | ec2       | EC2 Service                  |
| cf4e0489b94149639f35cf926f3de5bb | novav3     | computev3 | Openstack Compute Service v3 |
+----------------------------------+------------+-----------+------------------------------+
# To create a service
keystone service-create --name service_name --type service_type --description service_description
# service_type: identity, compute, network, image, object-store
* delete
keystone service-delete SERVICE_ID
# To get details for a service
keystone service-get SERVICE_ID
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Cinder Service v2                |
| enabled     | True                             |
| id          | 844afc222e49478aa3b476fb41752b43 |
| name        | cinder_v2                        |
| type        | volumev2                         |
+-------------+----------------------------------+
# Create service users
# Create a project for the service users.
keystone tenant-create --name service
* delete a project
keystone tenant-delete PROJECT_ID
keystone role-list
+----------------------------------+---------------+
| id                               | name          |
+----------------------------------+---------------+
| 9609109e0a6a4aa0b7b4604bb6d0a954 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
| 548c9c07684c4ad1994a9a2e45438e53 | admin         |
+----------------------------------+---------------+
# To assign the admin role to the service user-project pairs
keystone user-role-add --user SERVICE_USER_ID --role ADMIN_ROLE_ID --tenant SERVICE_PROJECT_ID
Manage Compute services
=================
nova service-list
# Disable a nova service:
nova service-disable localhost.localdomain nova-compute --reason 'trial log'
# Enable the service:
nova service-enable localhost.localdomain nova-compute
UM
==
keystone user-list
keystone user-create --name new-user --tenant_id 1a4a0618b306462c9830f876b0bd6af2 --pass PASSWORD
# disable a user account
keystone user-update USER_ID --enabled false
# enable a disabled user account
keystone user-update USER_ID --enabled true
* Delete
keystone user-delete USER_ID
keystone tenant-list
keystone role-list
keystone role-create --name new-role
keystone user-list
keystone user-role-add --user USER_ID --role ROLE_ID --tenant TENANT_ID
keystone user-role-list --user USER_ID --tenant TENANT_ID
* remove
keystone user-role-remove --user USER_ID --role ROLE_ID --tenant TENANT_ID
security group
=========
# Create group
nova secgroup-create GroupName Description
# Add rule
nova secgroup-add-rule secGroupName ip-protocol from-port to-port CIDR
e.g.
nova secgroup-add-rule global_http tcp 80 80 0.0.0.0/0
# List
nova secgroup-list
+----+-----------+-----------------------+
| Id | Name      | Description           |
+----+-----------+-----------------------+
| 4  | allow_all | allow all tcp traffic |
| 1  | default   | default               |
+----+-----------+-----------------------+
nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | 8         | 0       | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
* Delete
nova secgroup-delete <GroupName>
nova secgroup-delete-group-rule <secgroup> <source-group> <ip-proto> <from-port> <to-port>
nova secgroup-delete-rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>
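
# Audit rules open to any source
An added example, not part of the original notes: a shell function that reads the `nova secgroup-list-rules` table shown above and reports every rule whose IP Range is 0.0.0.0/0 (or ::/0). The sample rows beyond the two `default` rules are constructed, and treating ports 22 and 3389 as the ones to escalate is an assumption.

```shell
#!/bin/sh
# Added example (not from the original notes): report security-group rules
# that accept traffic from any source address.

# Constructed sample: the `default` rules listed above plus two constructed
# rows (a wide-open TCP range and an internal-only MySQL rule).
sample_rules() {
cat <<'EOF'
+-------------+-----------+---------+------------+--------------+
| IP Protocol | From Port | To Port | IP Range   | Source Group |
+-------------+-----------+---------+------------+--------------+
| icmp        | 8         | 0       | 0.0.0.0/0  |              |
| tcp         | 22        | 22      | 0.0.0.0/0  |              |
| tcp         | 1         | 65535   | 0.0.0.0/0  |              |
| tcp         | 3306      | 3306    | 10.0.0.0/8 |              |
+-------------+-----------+---------+------------+--------------+
EOF
}

# Reads `nova secgroup-list-rules GROUP` output on stdin.
# Prints "LEVEL proto from-to cidr" for every rule open to the world.
# Assumption: SSH (22) and RDP (3389) are the management ports to escalate.
audit_secgroup_rules() {
    awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    !/^[|]/ { next }                         # skip +----+ border lines
    {
        proto = trim($2); from = trim($3); to = trim($4); cidr = trim($5)
        if (proto == "IP Protocol") next     # header row
        if (cidr != "0.0.0.0/0" && cidr != "::/0") next
        level = "OPEN"
        # For icmp the two port columns hold ICMP type and code, not ports.
        if (proto != "icmp") {
            lo = from + 0; hi = to + 0
            if (hi > lo) level = "REVIEW"                      # port range
            if (lo <= 22 && 22 <= hi) level = "REVIEW"         # SSH
            if (lo <= 3389 && 3389 <= hi) level = "REVIEW"     # RDP
        }
        printf "%s %s %s-%s %s\n", level, proto, from, to, cidr
    }'
}

sample_rules | audit_secgroup_rules
```

Against a live cloud, pipe the real listing in: nova secgroup-list-rules default | audit_secgroup_rules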