OceanStor BCManager 6.5.0 eReplication User Guide 02

Connecting to the IAM Service


To interconnect the eReplication Server with IAM, create an IAM internal account and an IAM role. The Nova, Neutron, Cinder, DrExtend, Nova-Ext, and Ceilometer services need to be registered with IAM so that they can be invoked by interfaces through OpenStack Client.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, is available.
  • The reverse proxy IP address and fsp account's password of FusionSphere OpenStack have been obtained.
  • The production and DR regions have been added to the eReplication Server and IAM. For details about how to add a region to the eReplication Server, see Adding Information of Regions. For details about how to add a region to IAM, see Creating a Region in the CloudSOP_x.x_ Administrator Guide.

Procedure

  1. Create an IAM internal account.

    If IAM is selected, contact IAM maintenance engineers to create an internal account. Domain needs to be set to op_service.

    1. Configure the preset role based on the following template:

      {
          "user" : {
              "name" : "csha_service",
              "mobile" : "123456789",
              "email" : "123@huawei.com",
              "password" : "Changeme_123",
              "domain_name" : "op_service",
              "bind_group" : "services",
              "access" : "AXXXXAXXXXAXXXXAXXX1",
              "secret" : "AXXXXAXXXXAXXXXAXXXXAXXXXAXXXXAXXXXaXXX1"
          }
      }

    2. Name the completed file creatUser.json and save it to <Installation directory>/<Product name>/apps/IAMToolService/tools. (If a file named creatUser.json already exists in this directory, you can modify it directly or replace it with the new one.) Then run chown -R ossuser:ossgroup Folder path to change the owner and group of the file to ossuser:ossgroup.
    3. Run the following command to switch to the save directory of the tool.

      cd <Installation directory>/<Product name>/apps/IAMToolService/tools

    4. Run the following command to switch to user ossuser:

      su ossuser

    5. Run the following command to create an account:

      bash ServiceUserHandler.sh createUser user.json

    6. Enter user preset_user's password as prompted.

      Please enter preset_user's password: the password of preset_user
      If Success is displayed, roles have been imported successfully. If Fail is displayed, roles have failed to be imported.

  2. Create an IAM role.
    1. Configure preset roles for each service based on the following template. Creation of csha_admin is used as an example.

      [
          {
              "name": "csha_adm",
              "display_name": "CSHA Administrator",
              "description": " CSHA Administrator",
              "catalog": " CSHA",
              "policy": {
                  "Version": "1.0",
                  "Statement": [
                      {
                          "Effect": "Allow",
                          "Action": [
                              " CSHA: CSHA:*"
                          ]
                      }
                  ],
                  "Depends": [
                      {
                          "catalog" : "BASE",
                          "display_name" : "Server Administrator"
                      },
                      {
                          "catalog" : "BASE",
                          "display_name" : "Tenant Guest"
                      }
                  ]
              }
          }
      ]
      

    2. Name the completed file roles.json and save it to <Installation directory>/<Product name>/apps/IAMCoreService/tools/import_custom_files. (If a file named roles.json already exists in this directory, you can modify it directly or replace it with the new one.) Then run chown -R ossuser:ossgroup Path to the folder to change the owner and group of the file to ossuser:ossgroup.
    3. Run the following command to switch to directory IAMCoreService/tools/import_custom_files:

      cd <Installation directory>/<Product name>/apps/IAMCoreService/tools/import_custom_files

    4. Run the following commands to switch to user ossuser and import roles:

      • su ossuser
      • sh ./role.sh --cmd import --dir <path>
      NOTE:

      <path> indicates the path to file roles.json. Its default value is <Installation directory>/<Product name>/apps/IAMCoreService/tools/import_custom_files.

    5. Enter user preset_user's password as prompted. If Success is displayed, roles have been imported successfully. If Fail is displayed, roles have failed to be imported.
  3. On IAM, register the endpoint.

    The Nova, Neutron, Cinder, DrExtend, Nova-Ext, Ceilometer, and Image services need to be registered with IAM so that they can be invoked by interfaces through OpenStack Client.

    1. Obtain the token.

      1. Obtain the token of service user iam_authui created by tenant op_service.
        curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -X POST -d '{"auth": {"identity": {"methods": ["password"],"password": {"user": {"name": "iam_authui","password": "*****","domain": {"name": "op_service"}}}},"scope": {"domain": {"name": "op_service"}}}}' https://172.30.48.86:31943/v3/auth/tokens
        NOTE:
        • This command must be run by user root.
        • The password of user iam_authui can be changed based on requirements. The default password is Changeme_123.
      2. Record the token value (value of X-Subject-Token in the output) obtained in 3.a.i.



      3. Run the following command to import the token as the environment variable.
        export token=XXX
        NOTE:
        XXX is the token value obtained in 3.a.ii.

    2. Register a service.

      Run the following command to register a service:

        curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -d '{"service":{"type":"service_type", "name": "service_name"}}' -X POST https://iam_ip:31943/v3/services

      In this command, service_type indicates the service type, service_name indicates the service name, and iam_ip indicates the IAM service IP address. Set them based on the actual conditions.

      The following command uses Nova as an example:

        curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -d '{"service":{"type":"bcm-compute", "name": "nova"}}' -X POST https://172.30.48.86:31943/v3/services

      The command output is as follows:

      {
          "service": {
              "name": "nova",
              "links": {
                  "self": "None/v3/services/aff607dc6dec4a9ebaab1b5dd14b1526"
              },
              "enabled": true,
              "type": "bcm-compute",
              "id": " aff607dc6dec4a9ebaab1b5dd14b1526",
              "description": "service of nova"
          }
      }
      NOTE:
      • The service type field varies with the registered service (the bcm-compute field in this example). The bcm- prefix is necessary.
        • Nova: bcm-compute
        • Neutron: bcm-network
        • Cinder: bcm-volume
        • DrExtend: bcm-agent
        • Nova-Ext: bcm-compute-ext
        • Ceilometer: bcm-metering
        • Glance: bcm-image
      • Based on the preceding information, register the Nova, Neutron, Cinder, DrExtend, Nova-Ext, Ceilometer, and Glance services in sequence and record their service IDs, which will be used during endpoint registration.
      • After Nova, Neutron, Cinder, DrExtend, Nova-Ext, Ceilometer, and Glance are all registered, you can use curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -X GET https://172.30.48.86:31943/v3/services to query whether all services are successfully registered.

    3. Register the endpoint.

      NOTE:

      In multi-region scenarios, endpoint information must be registered in both the production and DR regions.

      Run the following command to register an endpoint:

        curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -X POST -d '{"endpoint":{"url":"endpoint_url","service_id":"service_id","interface":"public","region_id":"region_id"}}' https://iam_ip:31943/v3/endpoints

      In this command, endpoint_url indicates the endpoint URL, service_id indicates the service ID recorded during the service registration, region_id indicates the region ID added to IAM, and iam_ip indicates the IAM service IP address. Set them based on the actual conditions.

      The following command uses Nova as an example:

        curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -X POST -d '{"endpoint":{"url":"https://compute.az1.dc1.domainname.com:443/v2/$(tenant_id)s","service_id":"51dc4f8cfa4a479ab5092c93c337a8ad","interface":"public","region_id":"region"}}' https://172.30.48.86:31943/v3/endpoints

      The command output is as follows:

      {
          "endpoint": {
              "links": {
                  "self": "compute.az1.dc1.domainname.com:443/v2/$(tenant_id)s"
              },
              "region": "region",
              "region_id": "region",
              "enabled": true,
              "interface": "public",
              "service_id": "51dc4f8cfa4a479ab5092c93c337a8ad",
              "id": "59df71b351ae41f59f5a7dc73264964b"
          }
      }
      NOTE:
      • The compute.az1.dc1.domainname.com:443/v2/$(tenant_id)s field in the request body is the endpoint URL. The endpoint URL varies with the registered service. The URL can be obtained by running openstack endpoint list on the OpenStack node.
      • Based on the preceding information, register the endpoint information for the Nova, Neutron, Cinder, DrExtend, Nova-Ext, Ceilometer, and Glance services in sequence and record their endpoint IDs, which can be used to query or delete incorrect records.
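
The token, service-registration and ID-recording steps of step 3, collected into shell functions. This is an added example, not Huawei tooling or code from the guide. It assumes a CA bundle at the hypothetical CACERT path (so curl verifies the IAM certificate instead of using -k), lower-case service names for services other than nova, and it reads the iam_authui password from a prompt and sends the request body on stdin so the password stays out of the process list and shell history.

```bash
# Added example, not Huawei tooling. IAM_URL is the page's placeholder;
# CACERT is a hypothetical CA bundle path used instead of curl -k.
IAM_URL="${IAM_URL:-https://iam_ip:31943}"
CACERT="${CACERT:-/path/to/iam-ca.pem}"

# Service name -> bcm- type, from the NOTE in step 3.b (lower-case names assumed).
service_type() {
  case "$1" in
    nova) echo bcm-compute ;;         neutron) echo bcm-network ;;
    cinder) echo bcm-volume ;;        drextend) echo bcm-agent ;;
    nova-ext) echo bcm-compute-ext ;; ceilometer) echo bcm-metering ;;
    glance) echo bcm-image ;;         *) return 1 ;;
  esac
}
service_payload() {   # body for POST /v3/services
  t=$(service_type "$1") || return 1
  printf '{"service":{"type":"%s","name":"%s"}}' "$t" "$1"
}
endpoint_payload() {  # args: url service_id region_id; url is data, so $(tenant_id)s stays literal
  printf '{"endpoint":{"url":"%s","service_id":"%s","interface":"public","region_id":"%s"}}' "$1" "$2" "$3"
}
# X-Subject-Token value from `curl -i` output on stdin.
extract_token() {
  tr -d '\r' | awk -F': *' 'tolower($1) == "x-subject-token" { print $2; exit }'
}
# "id" field of a service or endpoint response on stdin.
extract_id() {
  tr -d '\n' | sed -n 's/.*"id"[[:space:]]*:[[:space:]]*"[[:space:]]*\([0-9a-f]\{32\}\)".*/\1/p'
}
# Prompt for the password without echo and send it on stdin, not in argv.
get_token() {
  read -r -s -p "iam_authui password: " pw; echo >&2
  pw=$(printf '%s' "$pw" | sed 's/[\\"]/\\&/g')   # escape for JSON
  token=$(printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"iam_authui","password":"%s","domain":{"name":"op_service"}}}},"scope":{"domain":{"name":"op_service"}}}}' "$pw" |
    curl -sS -i --cacert "$CACERT" -H 'Content-Type:application/json;charset=utf8' \
      -X POST -d @- "$IAM_URL/v3/auth/tokens" | extract_token)
  export token
}
# POST a body to an IAM path and print the new object's id. Args: path body
iam_post() {
  curl -sS --cacert "$CACERT" -H 'Content-Type:application/json;charset=utf8' \
    -H "X-Auth-Token:$token" -X POST -d "$2" "$IAM_URL$1" | extract_id
}
# Register all seven services; prints "name id" for use in step 3.c.
register_services() {
  for name in nova neutron cinder drextend nova-ext ceilometer glance; do
    id=$(iam_post /v3/services "$(service_payload "$name")")
    [ -n "$id" ] || { echo "registration failed: $name" >&2; return 1; }
    echo "$name $id"
  done
}
```

Source the file in bash, run get_token, then register_services. For step 3.c, pass each recorded service ID and a single-quoted endpoint URL to endpoint_payload and post the result to /v3/endpoints with iam_post, once per region.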

Updated: 2019-05-21

Document ID: EDOC1100075861
