ljwsvip 2019-07-01
Controller节点:
1、创建keystone数据库,授予权限:
$ mysql -u root -p 密码:123456 MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY '123456'; MariaDB [(none)]> exit;
2、安装及配置组件
# yum install openstack-keystone httpd mod_wsgi # vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:123456@controller/keystone [token] provider = fernet # su -s /bin/sh -c "keystone-manage db_sync" keystone # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone # keystone-manage bootstrap --bootstrap-password 123456 \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
3、配置Apache HTTP Server
# vi /etc/httpd/conf/httpd.conf ServerName controller # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
4、完成安装:
# systemctl enable httpd.service # systemctl start httpd.service
5、配置管理帐户
$ export OS_USERNAME=admin $ export OS_PASSWORD=123456 $ export OS_PROJECT_NAME=admin $ export OS_USER_DOMAIN_NAME=Default $ export OS_PROJECT_DOMAIN_NAME=Default $ export OS_AUTH_URL=http://controller:35357/v3 $ export OS_IDENTITY_API_VERSION=3
6、创建域、项目、用户和角色:
$ openstack domain create --description "An Example Domain" example +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | An Example Domain | | enabled | True | | id | 2f338489f6c64472a0b2b6db54ecc2df | | name | example | | tags | [] | +-------------+----------------------------------+
$ openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 84218999229845e2ad7f4e88208b3bee | | is_domain | False | | name | service | | parent_id | default | | tags | [] | +-------------+----------------------------------+
$ openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | 5c4692ce6659454eb830e7e9633a09f1 | | is_domain | False | | name | demo | | parent_id | default | | tags | [] | +-------------+----------------------------------+
$ openstack user create --domain default --password-prompt demo User Password:123456 Repeat User Password:123456 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 803e7ad2e94b4af39f9be9e0742b45fd | | name | demo | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+
$ openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | cbe4799bac204eacbf0012a77dc349c4 | | name | user | +-----------+----------------------------------+ $ openstack role add --project demo --user demo user
7、验证操作:
$ unset OS_AUTH_URL OS_PASSWORD $ openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue Password: 123456 +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-09-12T09:43:34+0000 | | id | gAAAAABbmNG25wIya-0xFYb3zCW3ljtDTWnr8ZCpB4iAZPMfQnP-62EGiIr6aKEjO847h6jH5nNONRqeLXO2BC_bJ0O-b5Fwj2GZpYGWRSSucAU4Mh6MqLQzetbOsRCv9-ZGO6VQYkmr0cPTEm7kzuzUL2bwTcUCbAVCpuFvCnRUZ7Hu4FE5bAI | | project_id | 4a5e42dd8cbf410f85a5f145039d69a6 | | user_id | 2ffffa1e6cbe4d239bdacc9760a54dd5 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ $ openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name demo --os-username demo token issue Password: 123456 +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-09-12T09:45:20+0000 | | id | gAAAAABbmNIgtMBObdQXwOlGu-HMLvKNTBZuYvVizTCn3aDJLMvqzQRTyjhfm5RjEkAgIWcYfal9TrjZan2VWL_AZ8cASpkBwoa0TQn_rWlZw1wh8xcDeb5XNES3jMNxhtZA87peDCnMkGJoMaJVhvkR4gsDQiIUmCImzjYv6ZvJjLgGEotBszY | | project_id | 5c4692ce6659454eb830e7e9633a09f1 | | user_id | 803e7ad2e94b4af39f9be9e0742b45fd | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
8、创建OpenStack客户端环境脚本:
# vi /root/admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=123456 export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 # vi /root/demo-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=123456 export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
9、使用脚本验证:
$ . admin-openrc $ openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-09-12T09:55:59+0000 | | id | gAAAAABbmNSfM00gw3qvJi-U8ytTcBxfuVhgNkETRa-gh3PqLp6Md9cW_5FfbkUL1nyQGW4Bg_XvvdIhSBv7fXRnbfyqGxTxOUloe7BmnWgM9LqLn8Fm2FLQp8qcuFamyW-9_FZA5SPqxbYS1Ozk6fO7TRDWAIWdzy5i0-qqB4Ypt6vQOyW-pqk | | project_id | 4a5e42dd8cbf410f85a5f145039d69a6 | | user_id | 2ffffa1e6cbe4d239bdacc9760a54dd5 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+