Integrating OpenStack Keystone with Swift

zuopaide 2012-05-28

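Because only limited hardware was available, this walkthrough uses Swift in its All-In-One (SAIO) installation mode, with Keystone installed and running on the same machine as Swift.

These notes do not cover installing Swift All-In-One; they only record how to integrate Keystone with a Swift All-In-One setup so that Keystone handles authentication.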

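System: Ubuntu 10.04

/** Clone the projects locally **/ -- requires git: sudo apt-get install git

git clone https://github.com/openstack/keystone.git

git clone https://github.com/openstack/python-keystoneclient.git

/** Install the required packages **/

sudo apt-get install python-dev libxml2-dev libxslt1-dev libsasl2-dev libsqlite3-dev libssl-dev libldap2-dev [installing everything at once fails when the mirror is slow; it is best to install the packages separately]

sudo apt-get install sqlitebrowser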

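/** Create a user, or work as root **/

sudo su

/** Enter the keystone directory **/

cd keystone

/** Install the virtualenv **/

sudo python tools/install_venv.py [if no exception is raised, the environment was created successfully; best run as root]

(This step also downloads the packages listed in pip-requires and test-requires.)

/** Switch to the newly created virtual environment **/

source .venv/bin/activate

[To leave the virtual environment] deactivate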

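/** Install Keystone **/

If the keystone command line should also be usable outside the virtual environment:

sudo pip install -r tools/pip-requires

sudo pip install -r tools/test-requires

sudo python setup.py develop

/** Test that keystone can be imported **/

sudo python

>>> import keystone

>>>

/** Restore the configuration file used to start keystone from the sample **/ [still in the keystone directory, which contains etc]

cp etc/keystone.conf.sample etc/keystone.conf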

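******************* Here I chose the SQLite storage backend; it can be replaced with another database or with file-based storage. Remember to change the user referenced inside the file. **********

/** Check that the existing Swift setup still works (while authentication is not yet Keystone) **/

swift-init main start

curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0

(If this returns 200 or 204, Swift is running properly. Swift can be stopped for now, because proxy-server.conf will be modified later.)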

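/** Start keystone **/

cd ~/keystone

bin/keystone-all

/** Run the database initialization **/

sudo bin/keystone-manage db_sync

/** Create tenants, users and roles using the token from the configuration file **/

(This uses the python-keystoneclient.git project.)

export SERVICE_TOKEN="the token value from etc/keystone.conf in the keystone install directory"

export SERVICE_ENDPOINT="http://localhost:35357/v2.0"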

/** Create a tenant **/ [ROOT]

keystone tenant-create --name=service

Info: id=d871847839fa4fbabd08950221917028

/** Create a user **/ [ROOT]

keystone user-create --name=admin --pass=admin --email=si.li@boventech.com

Info: id=1071f434270e4f7aa36f433be788d17b

/** Create roles **/

keystone role-create --name=admin

Info: id=07c69b2da1e041c1800238f0120db2a9

keystone role-create --name=Member

Info: id=460e5db0aeb54d9e9c6c446f778e64f6

/** Add Roles to Users in Tenants **/

keystone user-role-add --user [user ID here] --role [role ID here] --tenant_id [tenant ID here]

/** Configure the Keystone service **/

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | b6b28e55990f428bacd2ca45f64799ce |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

// Configure the endpoint of the Keystone service

keystone endpoint-create --region RegionOne \
  --service_id b6b28e55990f428bacd2ca45f64799ce \
  --publicurl 'http://localhost:5000/v2.0' \
  --adminurl 'http://localhost:35357/v2.0' \
  --internalurl 'http://localhost:5000/v2.0'

/** Configure the Swift service **/

keystone service-create --name=swift --type="object-store" --description="Swift Service"

+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Swift Service                    |
| id          | 004608f103714d81aa3e01b79913789b |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+

// Create the user that manages Swift

keystone user-create --name=swift --pass=admin --tenant_id d871847839fa4fbabd08950221917028 --email=si.li@boventech.com

Info: id=8651d459557c474389bca64a9346f70a

// Grant the role named "admin" to the user named "swift" in the "service" tenant

keystone user-role-add --tenant_id {tenant_id} --user {user_id} --role {role_id}

// Configure the endpoint for the Swift service

keystone endpoint-create --region RegionOne \
  --service_id 004608f103714d81aa3e01b79913789b \
  --publicurl 'http://localhost:8080/v1/AUTH_{tenantID}' \
  --adminurl 'http://localhost:8080/' \
  --internalurl 'http://localhost:8080/v1/AUTH_{tenantID}'

/** Once everything is created, check that the information has been stored in SQLite **/

sqlite3 keystone.db

SQLite version 3.6.22

Enter ".help" for instructions

Enter SQL statements terminated with a ";"

sqlite> .tables

sqlite> select * from service;

sqlite> select * from user;

sqlite> select * from ....;

Or open the graphical interface:

sudo sqlitebrowser

************************************* Configure swift/proxy-server.conf *********************

[DEFAULT]
bind_port = 8080
user = sili

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, Member

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = 0
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_uri = http://127.0.0.1:5000/
auth_token = ADMIN
admin_token = ADMIN
auth_protocol = http

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

**************************************************************************************
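A small checker for the configuration above, added here as an example and not part of the original post or of Swift/Keystone. It verifies that every pipeline stage has a filter section, that authtoken runs before the keystone filter, and flags admin_token = ADMIN (the value carried over from keystone.conf.sample) and plain http to a non-loopback auth_host; the function name and finding texts are my own.

```python
import configparser
# Constructed sample: this page's proxy-server.conf, trimmed to what is checked.
SAMPLE_CONF = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:keystone]
operator_roles = admin, Member
[filter:authtoken]
auth_host = 127.0.0.1
auth_protocol = http
admin_token = ADMIN
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
"""

def lint_proxy_conf(text):
    """Return findings for a Swift proxy-server.conf that uses Keystone auth."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(text)
    stages = cp.get("pipeline:main", "pipeline").split()
    findings = []
    # Every stage but the last (the app) needs a matching [filter:...] section.
    for name in stages[:-1]:
        if not cp.has_section("filter:" + name):
            findings.append("no [filter:%s] section for pipeline stage" % name)
    # authtoken validates the token; the keystone filter authorizes on its result.
    if "authtoken" not in stages or "keystone" not in stages:
        findings.append("authtoken and keystone must both be in the pipeline")
    elif stages.index("authtoken") > stages.index("keystone"):
        findings.append("authtoken must come before keystone")
    if cp.has_section("filter:authtoken"):
        at = cp["filter:authtoken"]
        if at.get("admin_token") == "ADMIN":
            findings.append("admin_token is still the sample value ADMIN")
        remote = at.get("auth_host") not in ("127.0.0.1", "localhost")
        if at.get("auth_protocol", "http") == "http" and remote:
            findings.append("tokens cross the network over plain http")
    return findings

if __name__ == "__main__":
    for finding in lint_proxy_conf(SAMPLE_CONF):
        print("WARN:", finding)
```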

// Start swift

swift-init proxy start

swift-init all start

// Testing

/** Test that keystone is working on the node **/

curl -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "swift", "password": "admin"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

/** Test the swift integration **/

swift -A http://localhost:5000/v2.0 -U service:swift -K admin stat -V 2
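What to look for in the JSON that the curl test prints, as an added example that is not part of the original post. It parses a constructed v2.0 token response (token id and expiry are placeholders) and applies a simplified version of the two conditions the keystone filter depends on: the user holds one of the operator_roles, and the object-store URL ends in AUTH_ plus the token's tenant id. The function name is my own.

```python
import json

# Constructed sample of the JSON the curl test returns for the "swift" user;
# the token id and expiry are placeholders, the tenant id is the page's.
TENANT = "d871847839fa4fbabd08950221917028"
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "TOKEN-PLACEHOLDER", "expires": "2012-05-29T00:00:00Z",
              "tenant": {"id": TENANT, "name": "service"}},
    "user": {"name": "swift", "roles": [{"name": "admin"}]},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne", "publicURL": "http://localhost:5000/v2.0"}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://localhost:8080/v1/AUTH_" + TENANT}]},
    ]}})

def check_swift_access(response_text, operator_roles=("admin", "Member")):
    """Summarize what a token response grants on Swift and list mismatches."""
    access = json.loads(response_text)["access"]
    tenant_id = access["token"]["tenant"]["id"]
    roles = {role["name"] for role in access["user"]["roles"]}
    urls = [ep["publicURL"]
            for svc in access["serviceCatalog"] if svc["type"] == "object-store"
            for ep in svc["endpoints"]]
    problems = []
    if not urls:
        problems.append("no object-store endpoint in the service catalog")
    elif not urls[0].endswith("/AUTH_" + tenant_id):
        # e.g. a literal {tenantID} left in the endpoint-create command
        problems.append("storage URL account does not match the token's tenant")
    if not roles & set(operator_roles):
        problems.append("user holds none of the operator_roles")
    return {"token": access["token"]["id"],
            "storage_url": urls[0] if urls else None,
            "problems": problems}

if __name__ == "__main__":
    print(check_swift_access(SAMPLE_RESPONSE))
```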
