certbot-dns-openstack/doc/source/install/common_prerequisites.rst

Prerequisites

Before you install and configure the certbot-dns-openstack service, you must create a database, service credentials, and API endpoints.

1. To create the database, complete these steps:

   • Use the database access client to connect to the database server as the root user:

     $ mysql -u root -p

   • Create the certbot_dns_openstack database:

     CREATE DATABASE certbot_dns_openstack;

   • Grant proper access to the certbot_dns_openstack database:

     GRANT ALL PRIVILEGES ON certbot_dns_openstack.* TO 'certbot_dns_openstack'@'localhost' \
       IDENTIFIED BY 'CERTBOT_DNS_OPENSTACK_DBPASS';
     GRANT ALL PRIVILEGES ON certbot_dns_openstack.* TO 'certbot_dns_openstack'@'%' \
       IDENTIFIED BY 'CERTBOT_DNS_OPENSTACK_DBPASS';

     Replace CERTBOT_DNS_OPENSTACK_DBPASS with a suitable password.

   • Exit the database access client.

     exit;

2. Source the admin credentials to gain access to admin-only CLI commands:

   $ . admin-openrc

3. To create the service credentials, complete these steps:

   • Create the certbot_dns_openstack user:

     $ openstack user create --domain default --password-prompt certbot_dns_openstack

   • Add the admin role to the certbot_dns_openstack user:

     $ openstack role add --project service --user certbot_dns_openstack admin

   • Create the certbot_dns_openstack service entities:

     $ openstack service create --name certbot_dns_openstack --description "certbot-dns-openstack" certbot-dns-openstack

4. Create the certbot-dns-openstack service API endpoints:

   $ openstack endpoint create --region RegionOne \
     certbot-dns-openstack public http://controller:XXXX/vY/%\(tenant_id\)s
   $ openstack endpoint create --region RegionOne \
     certbot-dns-openstack internal http://controller:XXXX/vY/%\(tenant_id\)s
   $ openstack endpoint create --region RegionOne \
     certbot-dns-openstack admin http://controller:XXXX/vY/%\(tenant_id\)s