Openstack+Ceph 安装及配置-02-Openstack-Yoga Keystone安装及配置

Openstack Yoga版本Keystone安装

配置数据库

mysql -u root -p
-- Creates the keystone schema and a dedicated keystone account for it.
-- 'Keystone123' is a sample value published on this page: use a strong, unique password
-- and put the same value in the [database] connection string in keystone.conf.
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Keystone123';
-- NOTE(review): '%' matches every client host, so this account can log in from any machine
-- that can reach MariaDB. Prefer the controller hostnames or management subnet here and
-- restrict the database port at the firewall.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Keystone123';

安装及配置

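注意:多节点安装时要保证各节点的 admin_token 一致,不然其他节点无法启动。另外,token provider 为 fernet 时,各节点的 Fernet 密钥库(默认 /etc/keystone/fernet-keys)也必须保持一致,否则一个节点签发的令牌无法在其他节点通过校验。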

# yum install openstack-keystone httpd python3-mod_wsgi -y
# Generate the token
# NOTE(review): 10 random bytes is only 80 bits, and the value printed below is public on
# this page; generate a fresh one per deployment and never reuse the sample.
# openssl rand -hex 10
749cc11656fc488b3c16
# vim /etc/keystone/keystone.conf
[DEFAULT]
# NOTE(review): admin_token is a shared secret that is not tied to any user. Keystone's own
# documentation discourages it in favour of `keystone-manage bootstrap`, which this page
# runs further down. Confirm it is needed at all, and remove it once bootstrap has completed.
admin_token = 749cc11656fc488b3c16
[database]
# The database password is stored here in cleartext: keep keystone.conf unreadable to other
# local users, and keep the value in sync with the GRANT statements above.
connection = mysql+pymysql://keystone:Keystone123@node-1/keystone
[token]
# Fernet tokens are encrypted with the keys created by `keystone-manage fernet_setup` below.
provider = fernet

# Initialise the Keystone database schema.
# Run through `su` as the keystone service account (its login shell is overridden with -s) rather than as root.
su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialise the Fernet key repository (token encryption) and the credential key repository.
# --keystone-user/--keystone-group name the account that will own the generated key files.
# These keys are symmetric secrets: anyone who can read them can forge or decrypt tokens,
# so keep the key directories restricted to that account and distribute them to other
# Keystone nodes only over a protected channel.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

  

引导身份服务并配置 Apache HTTP 服务

# Bootstraps the identity service: sets the admin password and registers the admin,
# internal and public endpoints in region RegionOne.
# NOTE(review): a password passed via --bootstrap-password is saved in shell history and is
# visible in the process list; keystone-manage bootstrap also reads OS_BOOTSTRAP_PASSWORD
# from the environment when the flag is omitted.
# NOTE(review): the password set here must be the one used as OS_PASSWORD in admin-openrc
# further down this page.
# NOTE(review): all three endpoints are plain http://, so passwords and tokens cross the
# network unencrypted; put Keystone behind TLS for anything beyond a lab.
keystone-manage bootstrap --bootstrap-password KeystoneAdmin123 --bootstrap-admin-url http://node-1:5000/v3/ --bootstrap-internal-url http://node-1:5000/v3/ --bootstrap-public-url http://node-1:5000/v3/ --bootstrap-region-id RegionOne

修改 /etc/hosts 文件,加入 controller81 的解析记录(应指向运行 Keystone 的节点,即上文的 node-1)

vim /etc/httpd/conf/httpd.conf
# Line to set inside httpd.conf; the name has to resolve on this node (see the hosts entry above).
ServerName controller81
# Enable the Keystone WSGI configuration by linking it into Apache's conf.d directory.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

启动服务

# Register httpd to start at boot and start it immediately, in one step.
systemctl enable --now httpd.service

配置环境变量

vim /root/admin-openrc
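# Admin credentials for the openstack CLI; load them with `source /root/admin-openrc`.
# This file holds the admin password in cleartext: keep it readable by root only
# (for example chmod 600 /root/admin-openrc) and out of backups and version control.
export OS_USERNAME=admin
# Must equal the --bootstrap-password given to `keystone-manage bootstrap`
# (KeystoneAdmin123 on this page); any other value makes admin authentication fail.
export OS_PASSWORD=KeystoneAdmin123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
# Plain http:// endpoint: the password and issued tokens travel unencrypted.
export OS_AUTH_URL=http://controller81:5000/v3
export OS_IDENTITY_API_VERSION=3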

创建 domain、project、users 和 roles 实例,可以跳过(下文示例中的用户密码 123456 仅作演示,实际环境请使用强密码)

[root@node-1 ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 19e5688b78014b9dbb979c4561eaab50 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
[root@node-1 ~]# openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | d0ea57078430449a89f0c0bec28db64b |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@node-1 ~]# openstack user create --domain default --password-prompt myuser
User Password: 123456
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | abc4bdb737a949f7bca1e56c10c380fa |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@node-1 ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 4cb8936167534b898261b40e247c62ac |
| name | myrole |
| options | {} |
+-------------+----------------------------------+

添加role到project,可以跳过

[root@node-1 ~]# openstack role add --project myproject --user myuser myrole

验证(注意:下面命令中 --os-auth-url 的主机名为 controller,而本文其余部分使用 node-1 / controller81,请替换为实际可解析的主机名)

unset OS_AUTH_URL OS_PASSWORD
[root@node-1 ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
Password: 123456
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-02-28T09:48:12+0000 |
| id | gAAAAABiHIxMDRrdaSdoo6QNNUQfGNR4ZePOsmgu0MBgIb2hBEz9L9rGR4gBH5axmqt2iJA1WE6ymCfl20H3pGhm3giPnplMFiaUSB6WnWLhEMbrUKTKbknqk8TInuQy-aZsFvIdt-dNWlNUOwo6tMiV3fFaNcqhkFeggbLCny9vzooXzCG5l4Q |
| project_id | d0ea57078430449a89f0c0bec28db64b |
| user_id | abc4bdb737a949f7bca1e56c10c380fa |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@node-1 ~]# source admin-openrc
[root@node-1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2022-02-28T09:51:27+0000 |
| id | gAAAAABiHI0POcDsH5glgb-hrBi0o7m2DcVtA_zwCMWTjkCVd7_40hZqEhIfrlB5ZQOcTWu8oMbR6UtzK4lIyTrW8FQYIME9wFM6c4Xj74cqTZ2nwbuKqxDmvHbzAreGr5b7AbAQKgHJhTETPH-cMu5s4grIdedj_qhQsWeJ4bp5ab8-YCDQpu0 |
| project_id | 9ddd4836df1c45f9bb41d78b97e27a24 |
| user_id | 37f983da79d844fa84857f59a8efdbdf |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

  

 
