Openstack Queens 环境搭建(三)Keystone服务

ljwsvip 2019-07-01

Controller节点:
1、创建keystone数据库,授予权限:

$ mysql -u root -p
密码:123456
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
MariaDB [(none)]> exit;

2、安装及配置组件

# yum install openstack-keystone httpd mod_wsgi

# vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet

# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password 123456 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

3、配置Apache HTTP Server

# vi /etc/httpd/conf/httpd.conf
ServerName controller

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

4、完成安装:

# systemctl enable httpd.service
# systemctl start httpd.service

5、配置管理帐户

$ export OS_USERNAME=admin
$ export OS_PASSWORD=123456
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

6、创建域、项目、用户和角色:

$ openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 2f338489f6c64472a0b2b6db54ecc2df |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+
$ openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 84218999229845e2ad7f4e88208b3bee |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
$ openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5c4692ce6659454eb830e7e9633a09f1 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
$ openstack user create --domain default --password-prompt demo
User Password:123456
Repeat User Password:123456
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 803e7ad2e94b4af39f9be9e0742b45fd |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
$ openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | cbe4799bac204eacbf0012a77dc349c4 |
| name      | user                             |
+-----------+----------------------------------+

$ openstack role add --project demo --user demo user

7、验证操作:

$ unset OS_AUTH_URL OS_PASSWORD

$ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
Password: 123456
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-09-12T09:43:34+0000                                                                                                                                                                |
| id         | gAAAAABbmNG25wIya-0xFYb3zCW3ljtDTWnr8ZCpB4iAZPMfQnP-62EGiIr6aKEjO847h6jH5nNONRqeLXO2BC_bJ0O-b5Fwj2GZpYGWRSSucAU4Mh6MqLQzetbOsRCv9-ZGO6VQYkmr0cPTEm7kzuzUL2bwTcUCbAVCpuFvCnRUZ7Hu4FE5bAI |
| project_id | 4a5e42dd8cbf410f85a5f145039d69a6                                                                                                                                                        |
| user_id    | 2ffffa1e6cbe4d239bdacc9760a54dd5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

$ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
Password: 123456
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-09-12T09:45:20+0000                                                                                                                                                                |
| id         | gAAAAABbmNIgtMBObdQXwOlGu-HMLvKNTBZuYvVizTCn3aDJLMvqzQRTyjhfm5RjEkAgIWcYfal9TrjZan2VWL_AZ8cASpkBwoa0TQn_rWlZw1wh8xcDeb5XNES3jMNxhtZA87peDCnMkGJoMaJVhvkR4gsDQiIUmCImzjYv6ZvJjLgGEotBszY |
| project_id | 5c4692ce6659454eb830e7e9633a09f1                                                                                                                                                        |
| user_id    | 803e7ad2e94b4af39f9be9e0742b45fd                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

8、创建OpenStack客户端环境脚本:

# vi /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

# vi /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

9、使用脚本验证:

$ . admin-openrc

$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-09-12T09:55:59+0000                                                                                                                                                                |
| id         | gAAAAABbmNSfM00gw3qvJi-U8ytTcBxfuVhgNkETRa-gh3PqLp6Md9cW_5FfbkUL1nyQGW4Bg_XvvdIhSBv7fXRnbfyqGxTxOUloe7BmnWgM9LqLn8Fm2FLQp8qcuFamyW-9_FZA5SPqxbYS1Ozk6fO7TRDWAIWdzy5i0-qqB4Ypt6vQOyW-pqk |
| project_id | 4a5e42dd8cbf410f85a5f145039d69a6                                                                                                                                                        |
| user_id    | 2ffffa1e6cbe4d239bdacc9760a54dd5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

相关推荐