fyggzb 2020-06-12
1. Create the keystone database and grant privileges
mysql -uroot
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2. Install the keystone packages
[ ~]# yum install openstack-keystone httpd mod_wsgi
3. Edit the configuration file
cp -a /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
[ ~]# yum install -y openstack-utils
[ ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:/keystone
[ ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
4. Populate the database
[ ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
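Initialize the Fernet key repositories
This is a new feature of recent OpenStack releases. In the Train release, keystone no longer uses a simple string as a temporary token; instead it uses Fernet tokens, with the key repository created below for the user that runs keystone. In addition, keystone no longer separates the service endpoints for admin users and regular users onto the different ports 5000 and 35357; only port 5000 is used and port 35357 is no longer used.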
[ ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[ ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[ ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
5. Configure Apache
[ ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
Create a symlink to the WSGI configuration file
[ ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start Apache and enable it at boot
[ ~]# systemctl enable httpd.service
[ ~]# systemctl start httpd.service
6. Set up environment variables
[ ~]# cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
[ ~]# source ~/.bashrc
[ ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-01-09T14:53:57+0000 |
| id         | gAAAAABeFzB1bgQlTdO7E2x2UNvHWbtsd7KRipn0v-RhHaGwZzcnvE8bPsMwnh06CXVrwMkzGEV-VFLXZBICd3cJt5NZqLB_x-tZLmr8qiKZiK9yyiCCCZG3xncQUUQ8zTKcv02Nyz6CHA99AzRxWgetZFG1bAiHdfr1LxxsfR6ZuSsNYl0fLvU |
| project_id | 8dd2972e6c0b4d99b100d087e35ad439 |
| user_id    | 656ea39f6bac482d8a0d0e49fc74e8a5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7. Create the project used by services
[ ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7bc35b309acd46de99edbbefaf012de6 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
8. Create the user role
[ ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 56b5ef9b944b4ecaa65b0313ab194f21 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[ ~]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 19f4b5f6a4e74a72bd47acf56d918fdf | admin  |
| 22339e09b9864c58b33ec9f3ab8d0882 | member |
| 56b5ef9b944b4ecaa65b0313ab194f21 | user   |
| ff4eb910bb184190a270b1813d028c4a | reader |
+----------------------------------+--------+