OpenStack-T版Keystone服务
keystone 服务
连接数据库
#mysql -u root -p000000
创建keystone数据库:
#CREATE DATABASE keystone;
授予对keystone数据库的适当访问权限('keystone'@'%' 允许该账户从任意主机连接,应结合防火墙或具体主机名限制来源;本文统一使用的密码 000000 仅为实验环境示例,实际部署时应替换为强密码):
#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
退出数据库

安装软件包
#yum install openstack-keystone httpd mod_wsgi -y
编辑配置文件
#vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet


填充身份服务并查看数据库:
#su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化Fernet密钥存储库:
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
#keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导身份服务(--bootstrap-password 的值会留在 shell 历史和进程列表中;也可改用环境变量 OS_BOOTSTRAP_PASSWORD 传入):
# keystone-manage bootstrap --bootstrap-password 000000 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

配置 Apache HTTP 服务器
#vim /etc/httpd/conf/httpd.conf
添加:ServerName controller

创建到/usr/share/keystone/wsgi-keystone.conf文件的链接:
#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动 Apache http 服务
#systemctl restart httpd.service
#systemctl enable httpd.service
#systemctl status httpd.service

通过设置适当的环境变量来配置管理帐户:
#export OS_USERNAME=admin
#export OS_PASSWORD=000000
#export OS_PROJECT_NAME=admin
#export OS_USER_DOMAIN_NAME=Default
#export OS_PROJECT_DOMAIN_NAME=Default
#export OS_AUTH_URL=http://controller:5000/v3
#export OS_IDENTITY_API_VERSION=3

创建域,项目,用户和角色
创建An Example Domain域
#openstack domain create --description "An Example Domain" example

本文使用一个 service 项目,其中包含添加到环境中的每个服务各自的唯一用户。创建 service 项目:
#openstack project create --domain default --description "Service Project" service

创建项目:myproject
#openstack project create --domain default --description "Demo Project" myproject

创建用户:myuser(--password-prompt 会交互式提示输入密码;后文 demo-openrc 使用 OS_PASSWORD=000000,两者需保持一致)
#openstack user create --domain default --password-prompt myuser

创建角色:myrole
#openstack role create myrole

将 myrole 角色添加到 myproject 项目和 myuser 用户:
#openstack role add --project myproject --user myuser myrole

验证
取消设置临时OS_AUTH_URL和OS_PASSWORD环境变量:
#unset OS_AUTH_URL OS_PASSWORD
以 admin 用户身份请求身份验证令牌(由于已取消设置 OS_PASSWORD,命令会提示输入密码):
#openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

以 myuser 用户身份请求身份验证令牌:
#openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue

创建 OpenStack 客户端环境脚本
admin-openrc 环境变量
#vim admin-openrc
# Client environment for the admin user; load it with ". admin-openrc".
# NOTE(review): OS_PASSWORD is stored here in plain text, and 000000 is the
# sample password used throughout this walkthrough. Keep the file readable by
# its owner only (e.g. chmod 600 admin-openrc).

# Credentials
export OS_USERNAME=admin
export OS_PASSWORD=000000

# Scope: project and domains
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_NAME=Default OS_USER_DOMAIN_NAME=Default

# Identity endpoint and API versions
export OS_AUTH_URL='http://controller:5000/v3'
export OS_IDENTITY_API_VERSION=3 OS_IMAGE_API_VERSION=2

demo-openrc 环境变量
#vim demo-openrc
# Client environment for the myuser account in the myproject project; load it
# with ". demo-openrc".
# NOTE(review): OS_PASSWORD is stored here in plain text and must match the
# password entered when myuser was created. Keep the file readable by its
# owner only (e.g. chmod 600 demo-openrc).

# Credentials
export OS_USERNAME=myuser
export OS_PASSWORD=000000

# Scope: project and domains
export OS_PROJECT_NAME=myproject
export OS_PROJECT_DOMAIN_NAME=Default OS_USER_DOMAIN_NAME=Default

# Identity endpoint and API versions
export OS_AUTH_URL='http://controller:5000/v3'
export OS_IDENTITY_API_VERSION=3 OS_IMAGE_API_VERSION=2

填充环境变量
#. admin-openrc
请求身份验证令牌:
#openstack token issue

